code-review

Systematic code analysis with evidence collection

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "code-review" with this command: npx skills add simhacker/moollm/simhacker-moollm-code-review

Code Review

"Read with intent. Question with purpose. Document with care."

Systematic code analysis with evidence collection. Code review IS an adventure — the codebase is the dungeon, findings are clues.

Review Process

READ → NOTE ISSUES → CLASSIFY → REPORT

Step 1: Setup

  1. Create REVIEW.yml
  2. Identify files to review
  3. Define focus areas

Step 2: Overview

  1. List all changed files
  2. Read PR/commit description
  3. Note initial impressions

Step 3: Deep Review

For each file:

  1. Read the code
  2. Check against criteria
  3. Note findings
  4. Run relevant checks

Step 4: Verification

  1. Run tests
  2. Run linters
  3. Check regressions

Step 5: Synthesize

  1. Compile findings
  2. Prioritize issues
  3. Generate REVIEW.md
  4. State recommendation

Finding Severity

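| Level     | Symbol | Meaning               | Action          |
|-----------|--------|-----------------------|-----------------|
| Blocking  | 🚫     | Must fix before merge | Request changes |
| Important | ⚠️     | Should fix or explain | Request changes |
| Minor     | 💡     | Nice to fix           | Comment only    |
| Praise    | 🎉     | Good work!            | Celebrate       |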

Finding Types

  • Security — Injection, auth, sensitive data
  • Correctness — Logic errors, edge cases
  • Performance — N+1 queries, memory leaks
  • Maintainability — Clarity, DRY, naming
  • Style — Formatting, conventions

Review Checklist

Security

  • Input validation
  • Output encoding
  • Authentication/authorization
  • Sensitive data handling
  • Injection vulnerabilities
  • Timing attacks

Correctness

  • Logic errors
  • Edge cases handled
  • Null/undefined handling
  • Error handling
  • Race conditions
  • Resource cleanup

Maintainability

  • Code clarity
  • Appropriate comments
  • Consistent naming
  • DRY (no duplication)
  • Single responsibility
  • Testability

Performance

  • Algorithmic complexity
  • Memory usage
  • Database queries
  • Caching
  • Unnecessary operations

Core Files

REVIEW.yml

review:
  name: "PR #123: Add user authentication"
  status: "in_progress"
  
findings:
  blocking:
    - id: "B1"
      file: "src/auth/login.ts"
      line: 45
      type: "security"
      summary: "Timing attack vulnerability"
      
  important: []
  minor: []
  praise: []

verification:
  tests: { ran: true, passed: true }
  linter: { ran: true, passed: false, issues: 3 }
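
Finding B1 above is typed "security" with the summary "Timing attack vulnerability". The block below is an added example, not code from the skill or its repository, showing what a reviewer would typically flag under that heading and the hardened form to request. It assumes the flagged line compares a secret token with `===`; the function names and the sample token are hypothetical.

```javascript
// Added illustration. verifyTokenNaive and verifyTokenConstantTime are
// hypothetical names, not taken from src/auth/login.ts.
const crypto = require("node:crypto");

// What the reviewer flags: === on strings is not guaranteed to run in
// constant time, so the response time can depend on how much of the
// secret the caller guessed correctly.
function verifyTokenNaive(supplied, expected) {
  return supplied === expected;
}

// Per-process random key, used only to normalise both inputs to
// fixed-length digests before the comparison.
const compareKey = crypto.randomBytes(32);

function digest(value) {
  return crypto.createHmac("sha256", compareKey).update(value).digest();
}

// Hardened form: crypto.timingSafeEqual throws when the two buffers
// differ in length, so both sides are HMACed to 32 bytes first. This
// also avoids revealing the length of the expected token.
function verifyTokenConstantTime(supplied, expected) {
  if (typeof supplied !== "string" || typeof expected !== "string") {
    return false; // null/undefined handling, also on the checklist
  }
  return crypto.timingSafeEqual(digest(supplied), digest(expected));
}

// Constructed sample value, not a real credential.
const EXPECTED = "constructed-sample-token-0001";
```

In review, the finding would cite the `===` line and request the constant-time form, with a test covering mismatched lengths and missing input.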

REVIEW.md

Formatted document with:

  • Summary and counts
  • Issues by severity
  • Verification results
  • Recommendation

Verification Commands

tests:
  - "npm test"
  - "pytest"
  - "go test ./..."
  
linters:
  - "npm run lint"
  - "flake8"
  - "golangci-lint run"

Recommendation Output

| Outcome         | Meaning                       |
|-----------------|-------------------------------|
| approve         | Good to merge                 |
| request_changes | Has blocking/important issues |
| comment         | Minor feedback only           |

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
