open-code-review

Scan AI-generated code for hallucinated packages, stale APIs, security anti-patterns, and over-engineering. Use when: (1) reviewing PRs with AI-generated code, (2) running pre-merge quality gates, (3) scanning repos for AI-specific defects that traditional linters miss. NOT for: basic linting, formatting, or general code review guidance.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "open-code-review" with this command: npx skills add raye-deng/open-code-review

Open Code Review — AI Code Quality Scanner

Scan codebases for AI-specific defects that traditional linters (ESLint, SonarQube, Checkstyle) cannot detect.

What It Detects

| Category | Example | Severity |
|---|---|---|
| Hallucinated packages | import { parseJson } from 'fast-json-utils' (package doesn't exist on npm) | 🔴 Critical |
| Stale APIs | response.json().then() with v2 API that was removed in v4 | 🟡 Warning |
| Context breaks | Two files reference the same function name with different signatures | 🟡 Warning |
| Security anti-patterns | Hardcoded secrets, deprecated crypto, insecure defaults | 🔴 Critical |
| Over-engineering | Unnecessary abstraction layers, dead code, excessive indirection | 🔵 Info |
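
A pre-merge check for the hallucinated-package category in the table above, as an added example that is not Open Code Review's own code: it flags imports whose package is not declared in package.json, a local stand-in for a registry lookup. The manifest, the sample source, and the names `@scope/http` and `yaml-lite-parser` are constructed for illustration; `fast-json-utils` is the page's own example.

```javascript
// Added example: flag imports whose package is not declared in package.json.
// Regex-based, so it can also match text inside comments or string literals.

// Abbreviated set of Node.js core modules (assumption: extend for your runtime).
const NODE_BUILTINS = new Set(['assert', 'child_process', 'crypto', 'events', 'fs',
  'http', 'https', 'os', 'path', 'stream', 'url', 'util', 'zlib']);

// Matches: from 'x', import 'x', import('x'), require('x')
const IMPORT_RE = /(?:\bfrom\s*|\bimport\s*\(?\s*|\brequire\s*\(\s*)(['"])([^'"\n]+)\1/g;

// Reduce a module specifier to the package that must be installed.
// Returns null for relative/absolute paths and Node.js core modules.
function packageName(spec) {
  if (spec.startsWith('.') || spec.startsWith('/') || spec.startsWith('node:')) return null;
  const parts = spec.split('/');
  const name = spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
  return NODE_BUILTINS.has(name) ? null : name;
}

// Return [{ name, line }] for each imported package missing from the manifest,
// reporting the first line on which it appears.
function undeclaredImports(source, manifest) {
  const sections = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];
  const declared = new Set(sections.flatMap((key) => Object.keys(manifest[key] || {})));
  const findings = new Map();
  source.split('\n').forEach((text, index) => {
    for (const match of text.matchAll(IMPORT_RE)) {
      const name = packageName(match[2]);
      if (name && !declared.has(name) && !findings.has(name)) findings.set(name, index + 1);
    }
  });
  return [...findings].map(([name, line]) => ({ name, line }));
}

// Constructed sample input (not taken from a real project).
const SAMPLE_MANIFEST = { dependencies: { lodash: '^4.17.21', '@scope/http': '^1.0.0' } };
const SAMPLE_SOURCE = [
  "import { parseJson } from 'fast-json-utils';",
  "import get from 'lodash/get';",
  "import { client } from '@scope/http/client';",
  "import fs from 'node:fs';",
  "const path = require('path');",
  "import { helper } from './helper.js';",
  "const yaml = await import('yaml-lite-parser');",
].join('\n');

console.log(undeclaredImports(SAMPLE_SOURCE, SAMPLE_MANIFEST));
```

An undeclared import is only a candidate; whether the package exists on npm still needs a registry lookup.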

Quick Start

# Run an L1 scan with npx (no separate install step)
npx @opencodereview/cli scan ./src --sla L1

# With AI-powered deep scan (requires Ollama or API key)
npx @opencodereview/cli scan ./src --sla L2

# Diff mode for CI/CD
npx @opencodereview/cli scan ./src --diff --base origin/main --head HEAD

# SARIF output for GitHub Actions
npx @opencodereview/cli scan ./src --format sarif --output results.sarif

Three Scan Levels

  • L1 — Structural analysis (AST, ~3 seconds, no AI needed)
  • L2 — L1 + Embedding recall (detects hallucinated packages via vector similarity)
  • L3 — L2 + LLM deep scan (understands context, semantics, business logic)

GitHub Action

- uses: raye-deng/open-code-review@v1
  with:
    scan-path: src/
    sla-level: L1
    diff-mode: true

MCP Server

Available on Smithery, Cursor Directory, and npm:

{
  "mcpServers": {
    "open-code-review": {
      "url": "https://open-code-review-mcp.v2ray-seins.workers.dev/mcp"
    }
  }
}

Or via stdio:

{
  "mcpServers": {
    "open-code-review": {
      "command": "npx",
      "args": ["-y", "@opencodereview/mcp-server"]
    }
  }
}

Supported Languages

TypeScript, JavaScript, Python, Java, Go, Kotlin

When to Use This Skill

  • A PR contains AI-generated code (Copilot, Cursor, Claude, GPT)
  • You want to catch defects that pass all unit tests but will fail in production
  • Pre-merge quality gate for AI-assisted development workflows
  • Scanning third-party AI-generated code before integration

When NOT to Use

  • Basic linting (use ESLint, Ruff, Checkstyle instead)
  • Code formatting (use Prettier, gofmt)
  • General code review guidance (use the built-in code-review skill)

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
