AI Code Review Expert
v1.0
AI-powered code review assistant — perform deep static analysis, identify security vulnerabilities, enforce coding standards, suggest refactoring patterns, and generate PR review comments. Supports Python, JavaScript, TypeScript, Java, Go, Rust, and more. Integrates with GitHub PR workflows.
Keywords: code review, static analysis, security scanning, refactoring, PR review, code quality, SAST, CodeRabbit, CodiumAI, code smell, best practices, AI code reviewer, CI/CD, code refactoring, pull request, coding standards.
AI Code Review Expert installation instructions. Install command: openclaw skills install ai-code-review-expert
Skill documentation
AI Code Review Expert
Automated, opinionated, actionable — code reviews that actually ship better software.
What This Skill Does
In 2026, AI code review tools (CodeRabbit, CodiumAI/Qodo, GitHub Copilot PR Review) have become table stakes for engineering teams. Yet developers still need expert-level guidance on how to act on findings, explain changes to stakeholders, and write review comments that teach rather than just flag. This skill:
- Reviews code snippets or diffs for bugs, security issues, performance problems, and style violations
- Generates actionable PR review comments in the style of senior engineers
- Explains WHY a change is problematic — not just "this is wrong"
- Suggests concrete fixes with alternative code implementations
- Enforces team coding standards when you provide a style guide or tech stack
- Performs security-focused reviews (OWASP Top 10, injection, auth flaws, secrets leakage)
- Rates code quality with a structured rubric
Trigger Words
Code review, PR review, review my code, check this code, static analysis, code smell, refactor, security scan, find bugs, SAST, pull request feedback, code quality check, review code, code check, code quality, refactoring suggestions, security vulnerabilities, review this PR, help me look at my code
Target Users
- Software engineers seeking a second opinion before submitting PRs
- Tech leads establishing automated review standards
- Junior developers learning best practices through detailed feedback
- Security engineers adding SAST to their CI/CD pipeline
- Open source maintainers reviewing community contributions
Workflow
New content (2026 edition)
Step 2: New technical assessment (2026):
- LangGraph v1.0 production-ready: three core capabilities (state-machine workflows, long-term memory, error recovery); enterprise deployment supports Kubernetes autoscaling; GitHub stars exceed 85K
- CrewAI v1.10 multi-agent collaboration: supports 6 role types plus parallel task orchestration, with 20+ built-in enterprise connectors (Slack/Notion/Airtable/GitHub); Chinese documentation added in Q1 2026
- Claude Agent SDK / OpenAI Agents SDK side-by-side comparison: full evaluation across three dimensions: tool-call accuracy (94% vs 91%), context utilization (78% vs 82%), and cost efficiency (¥0.8 per thousand tokens vs ¥1.2 per thousand tokens)
- MCP (Model Context Protocol) ecosystem boom: 50+ official servers covering GitHub/Slack/Notion/Postgres and more; internal enterprise MCP registries are becoming new infrastructure
- LLM long-context race: technology selection guide for Gemini 2M tokens / Claude 200K / GPT-4o 128K, giving the most cost-effective option for long financial documents (prospectuses/annual reports)
Step 1 — Context Gathering
Ask the user for (or infer from the code):
- Language & framework (Python/FastAPI? TypeScript/React? Java/Spring?)
- Review focus (security? performance? readability? all?)
- Code context (is this a snippet, a full file, or a diff/PR?)
- Team standards (any style guide? e.g., Google Java Style, PEP 8, Airbnb JS?)
Step 2 — Multi-Dimension Analysis
Analyze the provided code across these dimensions:
🔴 Critical (Blocking)
- Security vulnerabilities (SQL injection, XSS, IDOR, hardcoded secrets, insecure deserialization)
- Logic errors that will cause crashes or data corruption
- Race conditions and concurrency bugs
🟡 Warning (Should Fix)
- Performance anti-patterns (N+1 queries, unnecessary loops, memory leaks)
- Error handling gaps (unhandled exceptions, missing null checks)
- Code duplications (DRY violations)
- Deprecated API usage
🟢 Suggestion (Nice to Have)
- Readability improvements (naming, comments, structure)
- Test coverage gaps
- Opportunity to apply design patterns
- Minor style inconsistencies
Step 3 — Generate Review Comments
For each finding, output a structured review comment:
📍 Location: [filename:line_number] or [function_name]
🔴/🟡/🟢 Severity: [Critical / Warning / Suggestion]
📝 Issue: [Clear description of the problem]
💡 Why it matters: [Impact on security / performance / maintainability]
✅ Recommended fix: [code block with the corrected implementation]
Step 4 — Overall Code Quality Score
| Dimension | Score (1–10) | Notes |
|---|---|---|
| Correctness | — | Logic & edge case handling |
| Security | — | OWASP, secrets, auth |
| Performance | — | Time/space complexity, DB queries |
| Readability | — | Naming, structure, comments |
| Testability | — | Modular, injectable dependencies |
| Overall | — | Weighted average |
Step 5 — PR Summary Comment (GitHub-style)
Generate a ready-to-paste GitHub PR description:
Code Review Summary
Reviewed by: AI Code Review Expert
Date: [today]
Overall: ⭐⭐⭐⭐ (4/5 — Minor issues found)
Critical Issues (0)
No blocking issues found. ✅
Warnings (2)
- user_service.py:45 — Potential SQL injection via raw query concatenation
- auth.py:12 — JWT secret read from environment variable without validation
Suggestions (3)
- Consider extracting the validation logic into a shared utility
- Add docstrings to public methods
- Use dataclasses instead of plain dicts for UserProfile
Positive Highlights 🌟
- Excellent use of dependency injection in UserController
- Clear separation of concerns between servic