code-reviewer
Elite code review expert for quality, security, and maintainability analysis with AI-assisted review techniques. Use for PR reviews, security vulnerability detection, or code quality assessment. Covers static analysis, performance patterns, and best practices enforcement.
Why use this skill?
Enhance your code quality and security with the OpenClaw code-reviewer skill. Automate PR reviews, vulnerability detection, and performance audits.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/anton-abyzov/sw-code-reviewer
What This Skill Does
The code-reviewer skill is an elite analysis engine designed to transform your pull request and codebase assessment process. It functions as a senior-level technical auditor, leveraging sophisticated AI-powered analysis to enforce quality, security, and maintainability standards across your development lifecycle. Unlike basic linters, this skill integrates context-aware analysis with modern tooling like Semgrep, CodeQL, and SonarQube to identify complex logic flaws, security vulnerabilities, and architectural anti-patterns. Whether you are conducting a routine PR review, investigating a memory leak, or performing a rigorous security audit, this skill provides actionable, production-grade feedback that minimizes technical debt and improves overall software reliability.
Installation
To add this skill to your workspace, execute the following command in your OpenClaw terminal: clawhub install openclaw/skills/skills/anton-abyzov/sw-code-reviewer
Use Cases
- Pull Request Analysis: Automatically scan incoming code changes for deviations from team coding standards and potential regressions.
- Security Hardening: Proactively detect OWASP Top 10 vulnerabilities, such as injection risks or improper authentication implementation, before deployment.
- Technical Debt Reduction: Identify code smells, cyclomatic complexity spikes, and inefficient resource utilization to prioritize refactoring efforts.
- Performance Benchmarking: Analyze database queries, caching strategies, and asynchronous execution patterns to ensure your application scales efficiently.
- Infrastructure-as-Code Audits: Validate Terraform or Kubernetes manifests to ensure security best practices are baked into your deployment pipeline.
Example Prompts
- "Review this pull request for potential security vulnerabilities, specifically focusing on input sanitization and potential SQL injection points."
- "Analyze this Python function for performance bottlenecks; it currently experiences high latency under load. Suggest improvements for memory management and database query optimization."
- "Evaluate my Terraform infrastructure files for compliance with production-grade security standards, particularly regarding secret management and public access control."
Tips & Limitations
To maximize the efficacy of this skill, ensure that the provided code snippets include sufficient context or associated configuration files. While the AI is highly proficient in detecting pattern-based issues, it performs best when paired with static analysis tools like Semgrep to verify findings. Note that while this skill can identify severe security flaws, it should be considered a layer in your defense-in-depth strategy, not a replacement for manual security penetration testing or formal compliance certifications. Always verify AI-generated refactoring suggestions in a sandboxed environment before applying them to mission-critical production codebases.
Metadata
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-anton-abyzov-sw-code-reviewer": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Tags(AI)
Flags: file-read, code-execution
Related Skills
network-engineer
Cloud network architect for VPC design, service mesh, zero-trust networking, load balancers, and CDN optimization. Use for network troubleshooting or connectivity issues.
jira-multi-project-mapper
Expert in mapping SpecWeave specs to multiple JIRA projects with intelligent project detection and cross-project coordination. Use when syncing to multiple JIRA projects (project-per-team, component-based), or managing bidirectional sync across team boundaries.
helm-chart-scaffolding
Design, organize, and manage Helm charts for templating and packaging Kubernetes applications with reusable configurations. Use when creating Helm charts, packaging Kubernetes applications, or implementing templated deployments.
performance-optimization
React Native performance with Hermes V1, FlashList, expo-image v2, concurrent rendering. Use for slow app, memory leaks, or FPS issues.
release-strategy-advisor
Release strategy advisor - detects brownfield patterns (tags, CI/CD, changelogs), recommends versioning strategy based on architecture. Creates release-strategy.md.