Code Review Cycle — 技能工具
v0.1.4执行 Coding ↔ Review 循环。A 写代码 → B Review → A 修改(可选)。支持 codex/claude-code 作为 A 或 B。
0· 325·0 当前·0 累计
by 安全扫描
OpenClaw
安全
high confidenceThe skill's requirements, files, and runtime instructions are consistent with a code-review orchestration helper; nothing requested is disproportionate to its stated purpose.
评估建议
This skill appears to do what it says: orchestrate a coder (A) and reviewer (B) loop. Before installing or running it, consider: 1) The reviewer role is only a behavioral constraint in the instructions — the platform or model must enforce 'read-only'; it is not technically enforced by the script. 2) A's output (diffs, code) is passed into B as plain text — do not use this on sensitive/private code or secrets unless you trust the models/providers. 3) The helper script is small and only prints JSO...详细分析 ▾
✓ 用途与能力
Name/description (orchestrate a coder + reviewer loop) matches the artifact: SKILL.md describes spawning A/B agents and run.js prints the session payloads. No unrelated credentials, binaries, or install steps are requested.
ℹ 指令范围
SKILL.md and run.js confine actions to spawning agents and exchanging textual diffs/outputs. However, the 'B only-read' rule is a behavioral constraint expressed in text and not technically enforced by the script — the skill relies on agent-side enforcement. The skill also passes A's output as input to B (expected), which could expose any secrets present in A's output to the reviewer agent.
✓ 安装机制
No install spec — instruction-only plus a small helper script (run.js). Nothing is downloaded or written to disk by an installer; lowest-risk install posture.
✓ 凭证需求
No environment variables, credentials, or config paths are requested. The scope of requested access is minimal and proportional to a code-review orchestrator.
✓ 持久化与权限
always is false and the skill doesn't request persistent system modifications. The script and SKILL.md state sessions are temporary and do not retain context; there is no attempt to modify other skills or system-wide settings.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.42026/3/15
Version 0.1.4 - Major docs rework: greatly simplified SKILL.md, focusing on usage, roles, and workflow. - Added a new README.md file. - Updated default values and option details for `--agent-b` and `--rounds` parameters. - Clarified the output format for both Coder (A) and Reviewer (B). - Removed complex setup and ACP/OpenClaw runtime details from user-facing docs.
● 无害
安装命令 点击复制
官方npx clawhub@latest install code-review-cycle-skill
镜像加速npx clawhub@latest install code-review-cycle-skill --registry https://cn.clawhub-mirror.com
技能文档
执行 A(编码) → B(Review) → 决策 的协作流程。
角色职责
| 角色 | 职责 | 权限 |
|---|---|---|
| A (Coder) | 写代码、改文件、实现功能 | ✅ 可写文件 |
| B (Reviewer) | Review 代码、提建议、做决策 | ❌ 只读,不写文件 |
| 主会话 | 调度 A/B、传递上下文、最终决策 | - |
触发方式
/cr <功能描述>
/cr --agent-a codex --agent-b claude-code <功能描述>
/cr --rounds 2 <功能描述> # 最多自动循环 2 轮
参数
| 参数 | 默认值 | 说明 |
|---|---|---|
--agent-a | codex | 负责写代码的 agent (codex/claude-code) |
--agent-b | claude-code | 负责 Review 的 agent |
--rounds | 0 | 自动循环轮数(0=只执行 A→B,等你决定) |
--cwd | 当前 workspace | 代码目录 |
流程
- Spawn A → 写代码,输出 diff + 说明
- Spawn B → 只读 Review,输出:严重问题/建议优化/结论(不写文件)
- 决策点:
--rounds > 0 且 B 认为需要修改 → 自动回到步骤 1(最多 rounds 轮)
- 否则 → 等你指令输出格式约定
A 的输出
## [A-Code] 改动摘要
- 文件 1: ...
[A-Code] 实现说明
...[A-Code] 待确认点
- ...
B 的输出(只读 Review)
## [B-Review] 严重问题
- [ ] ...
[B-Review] 建议优化
- [ ] ...
[B-Review] 结论
□ 需要修改(具体问题:#1, #3)
□ 可以直接合并
[B 职责说明] 我只负责 Review,不修改任何文件。如需修改,请 A 执行。
示例
/cr 实现用户登录表单验证
/cr --agent-a claude-code --agent-b codex 添加暗色模式切换
/cr --rounds 2 重构 utils/date.ts 增加单元测试
注意事项
- 主会话作为调度器,保留所有历史便于追溯
- 每轮结束后会暂停等你确认(除非 rounds>1)
- A 和 B 的会话是临时的,用完即弃(不保留上下文)
- B 只读不写 — Review 角色不修改任何文件
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制