1.1k
GitHub Stars
3
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill sw-code-reviewer- _meta.json287 B
- MEMORY.md160 B
- SKILL.md8.2 KB
Overview
This skill is an elite code-review expert that delivers AI-assisted, production-grade assessments for quality, security, performance, and maintainability. It combines static analysis, modern tooling, and human-guided review techniques to produce actionable, prioritized feedback. Use it to automate PR reviews, detect vulnerabilities, and enforce team standards across languages and infra.
How this skill works
The skill runs an initial automated scan with configured static analyzers (SonarQube, CodeQL, Semgrep) and security tools (Snyk, Bandit, pip-audit). It augments tool output with context-aware LLM analysis to surface design issues, performance hotspots, and usability concerns. Reviews are organized by severity and include remediation suggestions, code examples, and follow-up validation steps. Integrations enable CI/CD, IDE, and chat feedback for continuous review loops.
When to use it
- Automated pull request reviews to catch regressions and enforce standards
- Security audits for OWASP, secrets, dependency, and config risks
- Performance and scalability reviews for services and DB queries
- Infrastructure as Code and Kubernetes manifest security and reliability checks
- CI/CD pipeline and build configuration validation for production readiness
Best practices
- Run automated scans early in CI to fail fast on critical issues
- Combine static tool output with manual logic and architecture review
- Create project-specific linting and rule sets to reflect team conventions
- Prioritize fixes by production impact and exploitability, not just severity labels
- Provide short, example-driven recommendations and reference tests or benchmarks
- Track review metrics and iterate on the checklist to reduce recurring issues
Example use cases
- Review a microservice PR for SQL injection, N+1 queries, and connection pooling issues
- Audit a Kubernetes deployment manifests for privilege escalation and resource limits
- Assess a Python module for PEP 8 compliance, complexity hotspots, and test gaps
- Analyze CI/CD pipeline for secret exposure, improper artifact signing, and rollback strategy
- Evaluate an authentication flow for OAuth2 correctness, token handling, and session management
FAQ
Multi-language support with focused expertise in Python, JavaScript/TypeScript, Java, Go, Rust, C#, and PHP plus common frameworks and web stacks.
How are findings prioritized?
Findings are triaged by exploitability, production impact, and frequency. Critical security issues and production stability risks receive immediate remediation guidance; maintainability items are tracked as technical debt.