sw-code-reviewer_skill

This skill performs AI-assisted code reviews for quality, security, and maintainability, integrating static analysis tools and production-ready best practices.
  • Python

1.1k

GitHub Stars

3

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill sw-code-reviewer

  • _meta.json287 B
  • MEMORY.md160 B
  • SKILL.md8.2 KB

Overview

This skill is an elite code-review expert that delivers AI-assisted, production-grade assessments for quality, security, performance, and maintainability. It combines static analysis, modern tooling, and human-guided review techniques to produce actionable, prioritized feedback. Use it to automate PR reviews, detect vulnerabilities, and enforce team standards across languages and infra.

How this skill works

The skill runs an initial automated scan with configured static analyzers (SonarQube, CodeQL, Semgrep) and security tools (Snyk, Bandit, pip-audit). It augments tool output with context-aware LLM analysis to surface design issues, performance hotspots, and usability concerns. Reviews are organized by severity and include remediation suggestions, code examples, and follow-up validation steps. Integrations enable CI/CD, IDE, and chat feedback for continuous review loops.

When to use it

  • Automated pull request reviews to catch regressions and enforce standards
  • Security audits for OWASP, secrets, dependency, and config risks
  • Performance and scalability reviews for services and DB queries
  • Infrastructure as Code and Kubernetes manifest security and reliability checks
  • CI/CD pipeline and build configuration validation for production readiness

Best practices

  • Run automated scans early in CI to fail fast on critical issues
  • Combine static tool output with manual logic and architecture review
  • Create project-specific linting and rule sets to reflect team conventions
  • Prioritize fixes by production impact and exploitability, not just severity labels
  • Provide short, example-driven recommendations and reference tests or benchmarks
  • Track review metrics and iterate on the checklist to reduce recurring issues

Example use cases

  • Review a microservice PR for SQL injection, N+1 queries, and connection pooling issues
  • Audit a Kubernetes deployment manifests for privilege escalation and resource limits
  • Assess a Python module for PEP 8 compliance, complexity hotspots, and test gaps
  • Analyze CI/CD pipeline for secret exposure, improper artifact signing, and rollback strategy
  • Evaluate an authentication flow for OAuth2 correctness, token handling, and session management

FAQ

Multi-language support with focused expertise in Python, JavaScript/TypeScript, Java, Go, Rust, C#, and PHP plus common frameworks and web stacks.

How are findings prioritized?

Findings are triaged by exploitability, production impact, and frequency. Critical security issues and production stability risks receive immediate remediation guidance; maintainability items are tracked as technical debt.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational