code-review
Systematic code review patterns covering security, performance, maintainability, correctness, and testing — with severity levels, structured feedback guidance, review process, and anti-patterns to avoid. Use when reviewing PRs, establishing review standards, or improving review quality.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/1477009639zw-blip/beta-code-review
Code Review Checklist
Thorough, structured approach to reviewing code. Work through each dimension systematically rather than scanning randomly.
Installation
OpenClaw / Moltbot / Clawbot
npx clawhub@latest install code-review
Review Dimensions
| Dimension | Focus | Priority |
|---|---|---|
| Security | Vulnerabilities, auth, data exposure | Critical |
| Performance | Speed, memory, scalability bottlenecks | High |
| Correctness | Logic errors, edge cases, data integrity | High |
| Maintainability | Readability, structure, future-proofing | Medium |
| Testing | Coverage, quality, reliability of tests | Medium |
| Accessibility | WCAG compliance, keyboard nav, screen readers | Medium |
| Documentation | Comments, API docs, changelog entries | Low |
Security Checklist
Review every change for these vulnerabilities:
- SQL Injection — All queries use parameterized statements or an ORM; no string concatenation with user input
- XSS — User-provided content is escaped/sanitized before rendering; `dangerouslySetInnerHTML` or equivalent is justified and safe
- CSRF Protection — State-changing requests require valid CSRF tokens; SameSite cookie attributes are set
- Authentication — Every protected endpoint verifies the user is authenticated before processing
- Authorization — Resource access is scoped to the requesting user's permissions; no IDOR vulnerabilities
- Input Validation — All external input (params, headers, body, files) is validated for type, length, format, and range on the server side
- Secrets Management — No API keys, passwords, tokens, or credentials in source code; secrets come from environment variables or a vault
- Dependency Safety — New dependencies are from trusted sources, actively maintained, and free of known CVEs
- Sensitive Data — PII, tokens, and secrets are never logged, included in error messages, or returned in API responses
- Rate Limiting — Public and auth endpoints have rate limits to prevent brute-force and abuse
- File Upload Safety — Uploaded files are validated for type and size, stored outside the webroot, and served with safe Content-Type headers
- HTTP Security Headers — Content-Security-Policy, X-Content-Type-Options, Strict-Transport-Security are set
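A reviewer cannot read every line of a large PR with equal attention, so it helps to triage the added lines against the checklist first. The following is an added example, not part of this skill or of any project it describes: a small Python script that walks a unified diff, scans only the `+` lines, and maps hits to four of the checklist items above (SQL injection via string building, XSS sinks, hard-coded secrets, sensitive data in log calls) with the Critical severity the dimensions table assigns to security. The regular expressions and the sample diff are constructed for illustration and are deliberately heuristic; every hit is a prompt for a human look, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int    # line number in the new version of the file
    rule: str       # Security Checklist item the hit maps to
    severity: str   # from the Review Dimensions table: security is Critical
    snippet: str


# Heuristic patterns for four checklist items (assumption: illustrative only,
# not a complete scanner). They flag lines a reviewer should inspect by hand.
RULES = (
    # SQL built with concatenation, template literals, %-formatting, .format or f-strings
    ("SQL Injection", "Critical",
     re.compile(r"(?i)\b(select|insert|update|delete)\b.*?(\+\s*\w|\$\{|%s|\.format\(|\bf[\"'])")),
    # Raw-HTML sinks in React, DOM and Vue
    ("XSS", "Critical",
     re.compile(r"dangerouslySetInnerHTML|\.innerHTML\s*=|v-html=")),
    # Credential-looking names assigned a long quoted literal
    ("Secrets Management", "Critical",
     re.compile(r"(?i)\b(api_?key|secret|password|token)\b\s*[:=]\s*[\"'][^\"']{8,}[\"']")),
    # Log calls whose arguments mention a secret or PII field
    ("Sensitive Data", "Critical",
     re.compile(r"(?i)\b(console\.log|logger?\.(?:info|debug|error|warn)|print)\(.*\b(password|token|secret|ssn)\b")),
)

HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def review_diff(diff_text: str) -> list[Finding]:
    """Scan only the added lines of a unified diff against RULES."""
    findings: list[Finding] = []
    new_line = 0
    for raw in diff_text.splitlines():
        header = HUNK_HEADER.match(raw)
        if header:
            new_line = int(header.group(1))   # first new-file line of this hunk
            continue
        if raw.startswith(("+++", "---", "\\")):
            continue                          # file headers / "No newline" marker
        if raw.startswith("-"):
            continue                          # removed line: not in the new file
        if raw.startswith("+"):
            line = raw[1:]
            for rule, severity, pattern in RULES:
                if pattern.search(line):
                    findings.append(Finding(new_line, rule, severity, line.strip()))
        new_line += 1                         # context and added lines both advance the counter
    return findings


def format_findings(findings: list[Finding]) -> list[str]:
    """Structured feedback: severity first, then location, then the line to check."""
    return [f"[{f.severity}] {f.rule} at L{f.line_no}: {f.snippet}" for f in findings]


# Constructed sample PR: replaces a parameterized query with concatenation,
# logs a token and a password, hard-codes a key and adds a raw-HTML React sink.
SAMPLE_DIFF = """\
--- a/src/users.js
+++ b/src/users.js
@@ -10,3 +10,8 @@ const db = require("./db");
 function getUser(req, res) {
-  return db.query("SELECT * FROM users WHERE id = $1", [req.params.id]);
+  const userId = req.params.id;
+  const q = "SELECT * FROM users WHERE id = " + userId;
+  console.log("login token", req.headers.authorization, "password", req.body.password);
+  const apiKey = "sk_live_0123456789abcdef";
+  return db.query(q);
 }
+export const Bio = ({ html }) => <div dangerouslySetInnerHTML={{ __html: html }} />;
"""

if __name__ == "__main__":
    for line in format_findings(review_diff(SAMPLE_DIFF)):
        print(line)
```

Running it on the constructed diff reports four Critical findings at new-file lines 12, 13, 14 and 17; the parameterized `$1` query it replaced would produce none. Because the script ignores context and removed lines, it will not flag pre-existing problems in the file, which matches how a PR review scopes its comments.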
Performance Checklist
Paste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-1477009639zw-blip-beta-code-review": {
"enabled": true,
"auto_update": true
}
}
}