🔍 C++ Code Review Master — C++代码评审
v1.0.0融合静态分析、AI推理与多轮迭代,一键完成PR、增量或全量C++代码质量评分与专项检查,让缺陷无所遁形。
0· 75·0 当前·0 累计
by @bigmasteryy下载技能包
最后更新
2026/4/7
安全扫描
OpenClaw
安全
medium confidenceThe skill's files and runtime instructions are consistent with a C++ code-review tool; it requires no hidden credentials or installs, but pay attention to optional model API keys and the auto-fix behavior before enabling it on sensitive repos.
评估建议
This skill appears to do what it advertises (local static regex checks + multi-reviewer AI analysis + optional fixes). Before installing or using it: 1) Confirm the required sub-skills (cpp, code-review-sr, iterative-code-review, modified-code-review, code-review-fix) are trusted and available; the package lists them but does not ship their code here. 2) If you do not want your source code sent to third-party models, do NOT set external API keys (e.g., ANTHROPIC_API_KEY) and prefer a local model...详细分析 ▾
✓ 用途与能力
Name/description (C++ code review) align with the instructions: local regex checks, three AI reviewers, reporting and optional auto-fix. Declared dependent sub-skills (cpp, code-review-sr, iterative-code-review, modified-code-review, code-review-fix) fit the stated architecture.
ℹ 指令范围
SKILL.md instructs the agent to collect code context (files/dirs/git diff/PR via `gh`/`git`), run local regex/static checks, spawn three reviewer subagents, aggregate results and optionally apply fixes. That scope matches the stated purpose, but the handbook also mentions optional external model usage (ANTHROPIC_API_KEY) — which means code and diffs could be sent to an external API if the user enables that mode. The skill claims a default 'local analysis mode' for not sending code externally, but that choice is left to runtime configuration.
✓ 安装机制
Instruction-only skill with no install spec and no included binaries or artifacts. This is the lowest-risk install model and matches the provided files and usage.
ℹ 凭证需求
The skill metadata declares no required env vars, which is reasonable for local-only operation. However HANDBOOK.md references optional environment variables (ANTHROPIC_API_KEY, OLLAMA_HOST) to enable AI reviewers — those are not declared in requires.env. This is not necessarily malicious, but it's an inconsistency you should be aware of: enabling AI review with an API key could transmit code to external services.
✓ 持久化与权限
always is false and the skill does not request elevated or permanent platform privileges. It may spawn subagents (normal for multi-reviewer design) and can modify files only via the optional auto-fix flow, which the docs state requires user confirmation by default.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/7
Initial release: C++ focused code review combining static analysis, AI-powered multi-reviewer, iterative review, and auto-fix capabilities.
● 可疑
安装命令
点击复制官方npx clawhub@latest install cpp-code-review-master
镜像加速npx clawhub@latest install cpp-code-review-master --registry https://cn.longxiaskill.com