phoenix-code-review

What This Skill Does

The phoenix-code-review skill is a specialized static analysis tool designed to audit Elixir and Phoenix Framework projects. It acts as an expert-level reviewer, ensuring that your codebase adheres to community-standard design patterns, architectural best practices, and security guidelines. By focusing on the unique structure of Phoenix applications—specifically the separation between controllers, contexts, and routing layers—it identifies common pitfalls such as leaking business logic into controllers, improper use of Ecto, or failures in plug composition. This skill does not just look for syntax errors; it evaluates the architectural integrity of your application, ensuring that context boundaries are respected and that your routing remains efficient and secure.

Installation

To integrate this skill into your environment, use the OpenClaw command-line interface. Run the following command in your terminal:

clawhub install openclaw/skills/skills/anderskev/phoenix-code-review

Ensure that you have the appropriate permissions to access the source repository and that your OpenClaw agent is initialized in the root directory of your Phoenix project for optimal file discovery.

Use Cases

This skill is indispensable during pull request reviews, legacy code refactoring, or pre-deployment security audits. Use it when:

• You are auditing a controller for bloated logic and wish to delegate business operations to a context.
• You need to verify that your route files are using modern verified routes (~p) rather than deprecated string paths.
• You want to ensure that your custom authentication plugs are properly halting the connection to prevent unauthorized access.
• You are onboarding new team members and need to enforce structural consistency across domain-bounded contexts.

Example Prompts

1. "Review the UserRegistrationController in the web/controllers folder and check for any logic that should be moved to the Accounts context."
2. "Analyze the current router.ex file. Are we using the latest verified routes, and are the pipelines efficiently grouped for our API and web scopes?"
3. "Check the current implementation of our AuthPlug and verify if it correctly handles connection halting and error responses for guest users."

Tips & Limitations

• Context Awareness: The skill is designed to respect the 'Context-Sensitive Rules' table. It will not flag valid patterns like legitimate orchestration or intentional inline Ecto queries.
• Volume: While powerful, this skill works best when pointed at specific modules or directories rather than an entire monolithic codebase simultaneously.
• Verification: Always ensure you run the review-verification-protocol before acting on findings to ensure that identified issues are not false positives arising from unique, project-specific architectural exceptions. The skill is an assistant; human validation remains the final step in your deployment lifecycle.