Official Verified developer tools Safety 4/5

Review Code

Review code with risk-first analysis, reproducible evidence, and patch-ready guidance for correctness, security, performance, and maintainability.

Why use this skill?

Enhance code quality with the OpenClaw Review Code skill. Get evidence-based, risk-ranked analysis, security audits, and patch-ready fixes for your PRs.

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/ivangdavila/review-code

What This Skill Does

The Review Code skill is a sophisticated, agent-driven utility designed to elevate the standard of code quality through a risk-first analytical framework. Rather than simply scanning for syntax errors, it performs deep-dive audits focused on security, performance, correctness, and maintainability. It acts as an expert pair programmer that evaluates code based on established team baselines, industry best practices, and objective, reproducible evidence.

This skill is built on a structured memory system located in ~/review-code/, which acts as the 'brain' of the agent. By maintaining persistent context on team conventions and prior project findings, the Review Code skill ensures that your codebase evolves with consistency. It enforces a strict triage process where blocking, high-impact issues are separated from minor advisory notes, ensuring that critical bugs—especially those related to auth, data integrity, and concurrency—are never buried under low-priority suggestions.

Installation

To add this capability to your agent, run the following command in your terminal:

clawhub install openclaw/skills/skills/ivangdavila/review-code

Once installed, initialize the local directory by executing the setup script found in the package documentation to establish the memory schema and configuration templates.

Use Cases

  1. Pull Request Audits: Automatically analyze incoming PRs to identify potential regressions or security vulnerabilities before they are merged into the main branch.
  2. Bug-Risk Assessment: Identify high-risk code blocks that are prone to race conditions or data loss during system migrations or refactors.
  3. Compliance & Standard Check: Verify that new commits adhere to defined organizational security policies and performance benchmarks stored in your baselines/ memory directory.
  4. Refactoring Guidance: Receive actionable, patch-ready advice on how to improve complex, legacy modules without introducing breaking changes.

Example Prompts

  1. "Review this PR against the security guidelines in our baselines/ folder. Highlight any critical vulnerabilities in the authentication logic."
  2. "Perform a risk-first audit on the user-payments module. I am concerned about potential concurrency issues during high-traffic events."
  3. "Analyze these three files for performance bottlenecks. Provide a fix path for any blocking items and suggest a suite of regression tests."

Tips & Limitations

  • Define Scope: The agent is most effective when the review contract is clear. Always specify the branch, target files, and the context (e.g., 'hotfix' vs 'feature release').
  • Evidence-Backed Results: The agent is trained to ignore vague claims. If a finding doesn't include a reproduction path or a specific business impact, feel free to ask the agent to clarify its reasoning.
  • File Management: Ensure you review all proposed changes to your local ~/review-code/ directory if the agent suggests updates to your memory or baselines.
  • Constraint: This tool is designed to augment human judgment, not replace it. Always verify the suggested patches in a local sandbox before applying them to production.

Metadata

Stars: 2102
Views: 2
Updated: 2026-03-06

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-ivangdavila-review-code": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags (AI)

#code-review #static-analysis #security-audit #refactoring #quality-assurance
Safety Score: 4/5

Flags: file-write, file-read