Code Review Partner
v1.0.0

AI-powered semantic code review that produces a structured, severity-graded report covering security, performance, maintainability, and code style. Produces GitHub-ready review comments with concrete fix suggestions — not just problem flags.

Runtime dependencies

Version

1.0.0 (2026-05-14): Initial release: 4-dimension review (security, performance, maintainability, style), 5-level severity grading, 3 real task examples, structured output format, fix suggestions.
Purpose

Help developers get a structured, severity-graded code review before opening a pull request or sharing code with teammates. The skill reads a code snippet, diff, or file content — then analyzes it across four dimensions (security, performance, maintainability, style) and produces a GitHub-ready review report with concrete fix suggestions.

This is a prompt-only code review companion. It does not connect to repositories, execute code, run linters, access file systems, or make network calls. It works with whatever code the user pastes or describes.

Important limitation: AI code review cannot replace human review, security audits, or automated tests. Every finding is a suggestion that must be verified by a human reviewer.
Use This Skill When

Use this skill when the user wants to:

- Self-review code before opening a PR on GitHub, GitLab, or Bitbucket.
- Get a second opinion on a refactoring or new feature implementation.
- Check a code snippet for security vulnerabilities (OWASP Top 10, injection, auth issues).
- Identify performance bottlenecks (N+1 queries, unnecessary allocations, blocking I/O).
- Audit code for maintainability issues (coupling, naming, SOLID violations, missing error handling).
- Prepare for a team code review session by pre-identifying the most important issues.
- Review an open-source contribution before submitting it upstream.
- Learn best practices by seeing what a thorough review looks like on their own code.
Do not use this skill to:

- Replace mandatory peer review processes (SOC 2, compliance, regulated industries).
- Audit production security without a qualified security engineer.
- Verify cryptographic implementations or authentication protocols.
- Certify code as bug-free or production-ready.

Sample Prompts
Users can start with prompts like:

- "Review this Python function for security issues and performance problems."
- "Here's my PR diff — what should I fix before asking for review?"
- "Check this React component for accessibility, performance, and edge cases."
- "Review this SQL query for injection risks and indexing issues."
- "I'm refactoring this Java class. Check it against SOLID principles."
- "Audit this Express.js middleware for OWASP Top 10 vulnerabilities."
- "Here's 200 lines of Go — give me a structured review with severity levels."
- "Review this TypeScript type definitions file for correctness and completeness."

Best Inputs
To get the most useful review, provide:

- The code snippet, diff, or file content: paste it directly. Aim for 50-500 lines for a thorough review; longer submissions will still work but the review may be less granular.
- Language and framework: e.g., Python 3.12 / Django, TypeScript / Next.js 14, Go 1.22, Rust, Java 21 / Spring Boot.
- Context: what does this code do? Is it a new feature, a bug fix, a refactoring, or a library?
- Known concerns: are you worried about security, performance, correctness, readability, or test coverage?
- Target audience: is this for a team PR, an open-source contribution, a coding interview, or personal learning?
- Constraints: any style guides, lint rules, architectural patterns, or framework conventions that apply.

Workflow

1. Parse context. Identify the language, framework, and purpose from the user's description and code. Confirm before proceeding if context is unclear.
2. Security scan. Check for common vulnerability patterns: injection (SQL, command, LDAP, XPath), XSS, CSRF, path traversal, insecure deserialization, hardcoded secrets, missing input validation, broken authentication/authorization, sensitive data exposure, improper error handling, and dependency-related risks. Reference OWASP Top 10 where relevant.
3. Performance analysis. Identify: N+1 queries, unnecessary allocations or copies, blocking I/O on hot paths, missing caching opportunities, inefficient data structures, unbounded loops/recursion, missing pagination, excessive logging, and regex catastrophic backtracking.
4. Maintainability review. Check: naming clarity, function/method length, cyclomatic complexity, coupling/cohesion, SOLID principles, error handling completeness, logging adequacy, magic numbers/strings, dead code, commented-out blocks, and missing documentation for public APIs.
5. Style and consistency. Note: naming conventions, indentation, brace placement, import organization, type annotation usage, comment quality, and consistency with language idioms.
6. Test coverage notes. Flag: untestable code patterns, missing edge case handling, tight coupling that blocks mocking, and suggestions for test scenarios.
7. Grade severity. Assign every finding one of: Blocker (must fix before merge), Critical (should fix before merge), Major (should fix soon), Minor (nice to fix), Nit (style preference).
8. Suggest fixes. For Blocker/Critical/Major issues, provide concrete code suggestions showing the fix pattern. Never just flag — always show the direction.
9. Assemble report. Produce the structured output in the format below.

Output Format
Return the review in this structured
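The following Python is an added illustration of the grade-severity, suggest-fix and assemble-report steps of the workflow above; it is not code from the Code Review Partner skill, which is prompt-only and executes nothing. It models the five severity levels the skill uses, a finding that always carries a concrete fix suggestion, two hypothetical pattern checks drawn from the security list (hardcoded secrets, SQL built by string formatting) run over a constructed snippet, and a GitHub-flavoured markdown report sorted by severity. The regexes, the sample snippet and the merge-gate rule are constructed for this example; the skill itself relies on model judgement rather than pattern rules.

```python
"""Toy severity-graded review report builder (added example, not the skill's own code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from enum import IntEnum


class Severity(IntEnum):
    # The page's five levels, ordered so that sorting puts the most urgent first.
    BLOCKER = 5   # must fix before merge
    CRITICAL = 4  # should fix before merge
    MAJOR = 3     # should fix soon
    MINOR = 2     # nice to fix
    NIT = 1       # style preference


@dataclass(frozen=True)
class Finding:
    severity: Severity
    dimension: str   # security / performance / maintainability / style
    line: int        # 1-based line in the reviewed snippet
    message: str
    suggestion: str  # concrete fix direction; a finding is never just a flag


# Constructed sample input: the kind of snippet a user might paste for review.
SAMPLE_SNIPPET = '''\
import sqlite3
API_KEY = "constructed-example-value-not-a-real-key"

def find_user(conn, username):
    cur = conn.cursor()
    cur.execute(f"SELECT id FROM users WHERE name = '{username}'")
    return cur.fetchone()
'''

# Hypothetical rules for two patterns from the security checklist.
_SECRET_RE = re.compile(
    r"""^\s*(?P<name>[A-Z_]*(KEY|SECRET|TOKEN|PASSWORD)[A-Z_]*)\s*=\s*["']""")
_SQL_FSTRING_RE = re.compile(
    r"""execute\(\s*f["'].*\b(SELECT|INSERT|UPDATE|DELETE)\b""")


def review(snippet: str) -> list[Finding]:
    """Scan each line, grade what is found, and return findings most severe first."""
    findings: list[Finding] = []
    for lineno, text in enumerate(snippet.splitlines(), start=1):
        m = _SECRET_RE.match(text)
        if m:
            findings.append(Finding(
                Severity.CRITICAL, "security", lineno,
                f"Hardcoded credential assigned to {m.group('name')}.",
                'Load it from the environment or a secrets manager, e.g. '
                'os.environ["API_KEY"], and rotate the exposed value.'))
        if _SQL_FSTRING_RE.search(text):
            findings.append(Finding(
                Severity.BLOCKER, "security", lineno,
                "SQL statement built with an f-string (OWASP A03 injection).",
                'Use a parameterized query: '
                'cur.execute("SELECT id FROM users WHERE name = ?", (username,)).'))
    return sorted(findings, key=lambda f: (-f.severity, f.line))


def merge_blocked(findings: list[Finding]) -> bool:
    """Blocker and Critical are the levels the page ties to 'before merge'."""
    return any(f.severity >= Severity.CRITICAL for f in findings)


def render_markdown(findings: list[Finding]) -> str:
    """GitHub-ready report: a summary table, then one section per finding with its fix."""
    if not findings:
        return "## Code review\n\nNo findings.\n"
    out = ["## Code review", "",
           "| Severity | Dimension | Line | Finding |",
           "|---|---|---|---|"]
    out += [f"| {f.severity.name.title()} | {f.dimension} | {f.line} | {f.message} |"
            for f in findings]
    out.append("")
    for f in findings:
        out += [f"### {f.severity.name.title()}: line {f.line}", f.message, "",
                f"Suggested fix: {f.suggestion}", ""]
    return "\n".join(out)


if __name__ == "__main__":
    results = review(SAMPLE_SNIPPET)
    print(render_markdown(results))
    print("merge blocked:", merge_blocked(results))
```

Sorting by the numeric severity rather than by line order is deliberate: a reviewer reading the report top-down sees the Blocker before the Nits, which is the order the page's severity scale is meant to drive.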