{
  "schemaVersion": "1.0",
  "item": {
    "slug": "afrexai-code-reviewer",
    "name": "Code Review Engine",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/1kalin/afrexai-code-reviewer",
    "canonicalUrl": "https://clawhub.ai/1kalin/afrexai-code-reviewer",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/afrexai-code-reviewer",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-code-reviewer",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "README.md",
      "SKILL.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-30T16:55:25.780Z",
      "expiresAt": "2026-05-07T16:55:25.780Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
        "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/afrexai-code-reviewer"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/afrexai-code-reviewer",
    "agentPageUrl": "https://openagent3.xyz/skills/afrexai-code-reviewer/agent",
    "manifestUrl": "https://openagent3.xyz/skills/afrexai-code-reviewer/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/afrexai-code-reviewer/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Code Review Engine",
        "body": "Enterprise-grade automated code review. Works on GitHub PRs, local diffs, pasted code, or entire files. No dependencies — pure agent intelligence."
      },
      {
        "title": "Review a GitHub PR",
        "body": "Review PR #42 in owner/repo"
      },
      {
        "title": "Review a local diff",
        "body": "Review the staged changes in this repo"
      },
      {
        "title": "Review a file",
        "body": "Review src/auth/login.ts for security issues"
      },
      {
        "title": "Review pasted code",
        "body": "Just paste code and say \"review this\""
      },
      {
        "title": "Review Framework: SPEAR",
        "body": "Every review follows the SPEAR framework — 5 dimensions, each scored 1-10:"
      },
      {
        "title": "🔴 S — Security (Weight: 3x)",
        "body": "CheckSeverityExampleHardcoded secretsCRITICALAPI keys, passwords, tokens in sourceSQL injectionCRITICALString concatenation in queriesXSS vectorsHIGHUnsanitized user input in HTML/DOMPath traversalHIGHUser input in file paths without validationInsecure deserializationHIGHeval(), pickle.loads(), JSON.parse on untrusted inputAuth bypassCRITICALMissing auth checks on endpointsSSRFHIGHUser-controlled URLs in server requestsTiming attacksMEDIUMNon-constant-time string comparison for secretsDependency vulnerabilitiesMEDIUMKnown CVEs in imported packagesSensitive data loggingMEDIUMPII, tokens, passwords in log outputInsecure randomnessMEDIUMMath.random() for security-sensitive valuesMissing rate limitingMEDIUMAuth endpoints without throttling"
      },
      {
        "title": "🟡 P — Performance (Weight: 2x)",
        "body": "CheckSeverityExampleN+1 queriesHIGHDB call inside a loopUnbounded queriesHIGHSELECT * without LIMIT on user-facing endpointsMissing indexes (implied)MEDIUMFrequent WHERE/ORDER on unindexed columnsMemory leaksHIGHEvent listeners never removed, growing cachesBlocking main threadHIGHSync I/O in async context, CPU-heavy in event loopUnnecessary re-rendersMEDIUMReact: missing memo, unstable refs in depsLarge bundle importsMEDIUMimport _ from 'lodash' vs import get from 'lodash/get'Missing paginationMEDIUMReturning all records to clientRedundant computationLOWSame expensive calc repeated without cachingConnection pool exhaustionHIGHNot releasing DB/HTTP connections"
      },
      {
        "title": "🟠 E — Error Handling (Weight: 2x)",
        "body": "CheckSeverityExampleSwallowed errorsHIGHEmpty catch blocks, Go _ := on errorMissing error boundariesMEDIUMReact components without error boundariesUnchecked null/undefinedHIGHNo null checks before property accessMissing finally/cleanupMEDIUMResources opened but not guaranteed closedGeneric error messagesLOWcatch(e) { throw new Error(\"something went wrong\") }Missing retry logicMEDIUMNetwork calls without retry on transient failuresPanic/exit in library codeHIGHpanic(), os.Exit(), process.exit() in non-mainUnhandled promise rejectionsHIGHAsync calls without .catch() or try/catchError type conflationMEDIUMAll errors treated the same (4xx vs 5xx, retriable vs fatal)"
      },
      {
        "title": "🔵 A — Architecture (Weight: 1.5x)",
        "body": "CheckSeverityExampleGod functions (>50 lines)MEDIUMSingle function doing too many thingsGod files (>300 lines)MEDIUMMonolithic moduleTight couplingMEDIUMDirect DB calls in request handlersMissing abstractionLOWRepeated patterns that should be extractedCircular dependenciesHIGHA imports B imports AWrong layerMEDIUMBusiness logic in controllers, SQL in UIMagic numbers/stringsLOWHardcoded values without named constantsMissing typesMEDIUMany in TypeScript, missing type hints in PythonDead codeLOWUnreachable branches, unused imports/variablesInconsistent patternsLOWDifferent error handling styles in same codebase"
      },
      {
        "title": "📊 R — Reliability (Weight: 1.5x)",
        "body": "CheckSeverityExampleMissing tests for changesHIGHNew logic without corresponding testTest qualityMEDIUMTests that only check happy pathMissing edge casesMEDIUMNo handling for empty arrays, null, boundary valuesRace conditionsHIGHShared mutable state without synchronizationNon-idempotent operationsMEDIUMRetrying could cause duplicatesMissing validationHIGHUser input accepted without schema validationBrittle testsLOWTests depending on execution order or timingMissing loggingMEDIUMError paths with no observabilityConfiguration driftMEDIUMHardcoded env-specific valuesMissing migrationsHIGHSchema changes without migration files"
      },
      {
        "title": "Per-Finding Severity",
        "body": "CRITICAL  → -3 points from dimension score\nHIGH      → -2 points\nMEDIUM    → -1 point\nLOW       → -0.5 points\nINFO      → 0 (suggestion only)"
      },
      {
        "title": "Overall SPEAR Score Calculation",
        "body": "Raw Score = (S×3 + P×2 + E×2 + A×1.5 + R×1.5) / 10\nFinal Score = Raw Score × 10  (scale 0-100)"
      },
      {
        "title": "Verdict Thresholds",
        "body": "ScoreVerdictAction90-100✅ EXCELLENTShip it75-89🟢 GOODMinor suggestions, approve60-74🟡 NEEDS WORKAddress findings before merge40-59🟠 SIGNIFICANT ISSUESMajor rework needed0-39🔴 BLOCKCritical issues, do not merge"
      },
      {
        "title": "Review Output Template",
        "body": "Use this structure for every review:\n\n# Code Review: [PR title or file name]\n\n## Summary\n[1-2 sentence overview of what this code does and overall quality]\n\n## SPEAR Score: [X]/100 — [VERDICT]\n\n| Dimension | Score | Key Finding |\n|-----------|-------|-------------|\n| 🔴 Security | X/10 | [worst finding or \"Clean\"] |\n| 🟡 Performance | X/10 | [worst finding or \"Clean\"] |\n| 🟠 Error Handling | X/10 | [worst finding or \"Clean\"] |\n| 🔵 Architecture | X/10 | [worst finding or \"Clean\"] |\n| 📊 Reliability | X/10 | [worst finding or \"Clean\"] |\n\n## Findings\n\n### [CRITICAL/HIGH] 🔴 [Title]\n**File:** `path/to/file.ts:42`\n**Category:** Security\n**Issue:** [What's wrong]\n**Impact:** [What could happen]\n**Fix:**\n```[lang]\n// suggested fix"
      },
      {
        "title": "[MEDIUM] 🟡 [Title]",
        "body": "..."
      },
      {
        "title": "What's Done Well",
        "body": "[Genuinely good patterns worth calling out]"
      },
      {
        "title": "Recommendations",
        "body": "[Prioritized action items]\n\n---\n\n## Language-Specific Patterns\n\n### TypeScript / JavaScript\n- `any` type usage → Architecture finding\n- `as` type assertions → potential runtime error\n- `console.log` in production code → Style\n- `==` instead of `===` → Reliability\n- Missing `async/await` error handling\n- `useEffect` missing cleanup return\n- Index signatures without validation\n\n### Python\n- Bare `except:` or `except Exception:` → Error Handling\n- `eval()` / `exec()` → Security CRITICAL\n- Mutable default arguments → Reliability\n- `import *` → Architecture\n- Missing `__init__.py` type hints\n- f-strings with user input → potential injection\n\n### Go\n- `_ :=` discarding errors → Error Handling HIGH\n- `panic()` in library code → Reliability HIGH\n- Missing `defer` for resource cleanup\n- Exported functions without doc comments\n- `interface{}` / `any` overuse\n\n### Java\n- Catching `Exception` or `Throwable` → Error Handling\n- Missing `@Override` annotations\n- Mutable static fields → thread safety\n- `System.out.println` in production\n- Missing null checks (pre-Optional code)\n\n### SQL\n- String concatenation in queries → Security CRITICAL\n- `SELECT *` → Performance\n- Missing WHERE on UPDATE/DELETE → Security CRITICAL\n- No LIMIT on user-facing queries → Performance\n- Missing indexes for JOIN columns\n\n---\n\n## Advanced Techniques\n\n### Reviewing for Business Logic\nBeyond code quality, check:\n- Does the code match the PR description / ticket requirements?\n- Are there edge cases the spec didn't mention?\n- Could this break existing functionality?\n- Is there a simpler way to achieve the same result?\n\n### Reviewing for Operability\n- Can this be debugged in production? 
(logging, error messages)\n- Can this be rolled back safely?\n- Are feature flags needed?\n- What monitoring should accompany this change?\n\n### Reviewing Database Changes\n- Is the migration reversible?\n- Will it lock tables during migration?\n- Are there indexes for new query patterns?\n- Is there a data backfill needed?\n\n### Security Review Depth Levels\n| Level | When | What |\n|-------|------|------|\n| Quick | Internal tool, trusted input | OWASP Top 10 patterns only |\n| Standard | User-facing feature | + auth, input validation, output encoding |\n| Deep | Payment, auth, PII handling | + crypto review, session management, audit logging |\n| Threat Model | New service/API surface | + attack surface mapping, trust boundaries |\n\n---\n\n## Integration Patterns\n\n### GitHub PR Review\n```bash\n# Get PR diff\ngh pr diff 42 --repo owner/repo\n\n# Get PR details\ngh pr view 42 --repo owner/repo --json title,body,files,commits\n\n# Post review comment\ngh pr review 42 --repo owner/repo --comment --body \"review content\""
      },
      {
        "title": "Local Git Review",
        "body": "# Review staged changes\ngit diff --cached\n\n# Review branch vs main\ngit diff main..HEAD\n\n# Review last N commits\ngit log -5 --oneline && git diff HEAD~5..HEAD"
      },
      {
        "title": "Heartbeat / Cron Integration",
        "body": "Check for open PRs in [repo] that I haven't reviewed yet.\nFor each, run a SPEAR review and post the results as a PR comment."
      },
      {
        "title": "Edge Cases & Gotchas",
        "body": "Large PRs (>500 lines): Break into logical chunks. Review file-by-file. Flag the PR size itself as a finding (Architecture: \"PR too large — consider splitting\").\nGenerated code: Skip generated files (proto, swagger, migrations from ORMs). Note that you skipped them.\nDependency updates: Focus on breaking changes in changelogs, not the lockfile diff.\nMerge conflicts markers: Flag immediately as CRITICAL — <<<<<<< in code means broken merge.\nBinary files: Note presence, can't review content.\nConfig changes: Extra scrutiny — wrong env var = production outage.\nRefactors: Verify behavior preservation. Check if tests still pass conceptually."
      },
      {
        "title": "Review Checklist (Quick Mode)",
        "body": "For fast reviews when full SPEAR isn't needed:\n\nNo hardcoded secrets or credentials\n No SQL injection / XSS / path traversal\n All errors handled (no empty catch, no discarded errors)\n No N+1 queries or unbounded operations\n Tests exist for new/changed logic\n No console.log / print / fmt.Print left in\n Functions under 50 lines, files under 300 lines\n Types are specific (no any / interface{})\n PR description matches the actual changes\n No TODOs without linked issues"
      }
    ],
    "body": "Code Review Engine\n\nEnterprise-grade automated code review. Works on GitHub PRs, local diffs, pasted code, or entire files. No dependencies — pure agent intelligence.\n\nQuick Start\nReview a GitHub PR\nReview PR #42 in owner/repo\n\nReview a local diff\nReview the staged changes in this repo\n\nReview a file\nReview src/auth/login.ts for security issues\n\nReview pasted code\n\nJust paste code and say \"review this\"\n\nReview Framework: SPEAR\n\nEvery review follows the SPEAR framework — 5 dimensions, each scored 1-10:\n\n🔴 S — Security (Weight: 3x)\nCheck\tSeverity\tExample\nHardcoded secrets\tCRITICAL\tAPI keys, passwords, tokens in source\nSQL injection\tCRITICAL\tString concatenation in queries\nXSS vectors\tHIGH\tUnsanitized user input in HTML/DOM\nPath traversal\tHIGH\tUser input in file paths without validation\nInsecure deserialization\tHIGH\teval(), pickle.loads(), JSON.parse on untrusted input\nAuth bypass\tCRITICAL\tMissing auth checks on endpoints\nSSRF\tHIGH\tUser-controlled URLs in server requests\nTiming attacks\tMEDIUM\tNon-constant-time string comparison for secrets\nDependency vulnerabilities\tMEDIUM\tKnown CVEs in imported packages\nSensitive data logging\tMEDIUM\tPII, tokens, passwords in log output\nInsecure randomness\tMEDIUM\tMath.random() for security-sensitive values\nMissing rate limiting\tMEDIUM\tAuth endpoints without throttling\n🟡 P — Performance (Weight: 2x)\nCheck\tSeverity\tExample\nN+1 queries\tHIGH\tDB call inside a loop\nUnbounded queries\tHIGH\tSELECT * without LIMIT on user-facing endpoints\nMissing indexes (implied)\tMEDIUM\tFrequent WHERE/ORDER on unindexed columns\nMemory leaks\tHIGH\tEvent listeners never removed, growing caches\nBlocking main thread\tHIGH\tSync I/O in async context, CPU-heavy in event loop\nUnnecessary re-renders\tMEDIUM\tReact: missing memo, unstable refs in deps\nLarge bundle imports\tMEDIUM\timport _ from 'lodash' vs import get from 'lodash/get'\nMissing pagination\tMEDIUM\tReturning all 
records to client\nRedundant computation\tLOW\tSame expensive calc repeated without caching\nConnection pool exhaustion\tHIGH\tNot releasing DB/HTTP connections\n🟠 E — Error Handling (Weight: 2x)\nCheck\tSeverity\tExample\nSwallowed errors\tHIGH\tEmpty catch blocks, Go _ := on error\nMissing error boundaries\tMEDIUM\tReact components without error boundaries\nUnchecked null/undefined\tHIGH\tNo null checks before property access\nMissing finally/cleanup\tMEDIUM\tResources opened but not guaranteed closed\nGeneric error messages\tLOW\tcatch(e) { throw new Error(\"something went wrong\") }\nMissing retry logic\tMEDIUM\tNetwork calls without retry on transient failures\nPanic/exit in library code\tHIGH\tpanic(), os.Exit(), process.exit() in non-main\nUnhandled promise rejections\tHIGH\tAsync calls without .catch() or try/catch\nError type conflation\tMEDIUM\tAll errors treated the same (4xx vs 5xx, retriable vs fatal)\n🔵 A — Architecture (Weight: 1.5x)\nCheck\tSeverity\tExample\nGod functions (>50 lines)\tMEDIUM\tSingle function doing too many things\nGod files (>300 lines)\tMEDIUM\tMonolithic module\nTight coupling\tMEDIUM\tDirect DB calls in request handlers\nMissing abstraction\tLOW\tRepeated patterns that should be extracted\nCircular dependencies\tHIGH\tA imports B imports A\nWrong layer\tMEDIUM\tBusiness logic in controllers, SQL in UI\nMagic numbers/strings\tLOW\tHardcoded values without named constants\nMissing types\tMEDIUM\tany in TypeScript, missing type hints in Python\nDead code\tLOW\tUnreachable branches, unused imports/variables\nInconsistent patterns\tLOW\tDifferent error handling styles in same codebase\n📊 R — Reliability (Weight: 1.5x)\nCheck\tSeverity\tExample\nMissing tests for changes\tHIGH\tNew logic without corresponding test\nTest quality\tMEDIUM\tTests that only check happy path\nMissing edge cases\tMEDIUM\tNo handling for empty arrays, null, boundary values\nRace conditions\tHIGH\tShared mutable state without synchronization\nNon-idempotent 
operations\tMEDIUM\tRetrying could cause duplicates\nMissing validation\tHIGH\tUser input accepted without schema validation\nBrittle tests\tLOW\tTests depending on execution order or timing\nMissing logging\tMEDIUM\tError paths with no observability\nConfiguration drift\tMEDIUM\tHardcoded env-specific values\nMissing migrations\tHIGH\tSchema changes without migration files\nScoring System\nPer-Finding Severity\nCRITICAL  → -3 points from dimension score\nHIGH      → -2 points\nMEDIUM    → -1 point\nLOW       → -0.5 points\nINFO      → 0 (suggestion only)\n\nOverall SPEAR Score Calculation\nRaw Score = (S×3 + P×2 + E×2 + A×1.5 + R×1.5) / 10\nFinal Score = Raw Score × 10  (scale 0-100)\n\nVerdict Thresholds\nScore\tVerdict\tAction\n90-100\t✅ EXCELLENT\tShip it\n75-89\t🟢 GOOD\tMinor suggestions, approve\n60-74\t🟡 NEEDS WORK\tAddress findings before merge\n40-59\t🟠 SIGNIFICANT ISSUES\tMajor rework needed\n0-39\t🔴 BLOCK\tCritical issues, do not merge\nReview Output Template\n\nUse this structure for every review:\n\n# Code Review: [PR title or file name]\n\n## Summary\n[1-2 sentence overview of what this code does and overall quality]\n\n## SPEAR Score: [X]/100 — [VERDICT]\n\n| Dimension | Score | Key Finding |\n|-----------|-------|-------------|\n| 🔴 Security | X/10 | [worst finding or \"Clean\"] |\n| 🟡 Performance | X/10 | [worst finding or \"Clean\"] |\n| 🟠 Error Handling | X/10 | [worst finding or \"Clean\"] |\n| 🔵 Architecture | X/10 | [worst finding or \"Clean\"] |\n| 📊 Reliability | X/10 | [worst finding or \"Clean\"] |\n\n## Findings\n\n### [CRITICAL/HIGH] 🔴 [Title]\n**File:** `path/to/file.ts:42`\n**Category:** Security\n**Issue:** [What's wrong]\n**Impact:** [What could happen]\n**Fix:**\n```[lang]\n// suggested fix\n\n[MEDIUM] 🟡 [Title]\n\n...\n\nWhat's Done Well\n[Genuinely good patterns worth calling out]\nRecommendations\n[Prioritized action items]\n\n---\n\n## Language-Specific Patterns\n\n### TypeScript / JavaScript\n- `any` type usage → Architecture 
finding\n- `as` type assertions → potential runtime error\n- `console.log` in production code → Style\n- `==` instead of `===` → Reliability\n- Missing `async/await` error handling\n- `useEffect` missing cleanup return\n- Index signatures without validation\n\n### Python\n- Bare `except:` or `except Exception:` → Error Handling\n- `eval()` / `exec()` → Security CRITICAL\n- Mutable default arguments → Reliability\n- `import *` → Architecture\n- Missing `__init__.py` type hints\n- f-strings with user input → potential injection\n\n### Go\n- `_ :=` discarding errors → Error Handling HIGH\n- `panic()` in library code → Reliability HIGH\n- Missing `defer` for resource cleanup\n- Exported functions without doc comments\n- `interface{}` / `any` overuse\n\n### Java\n- Catching `Exception` or `Throwable` → Error Handling\n- Missing `@Override` annotations\n- Mutable static fields → thread safety\n- `System.out.println` in production\n- Missing null checks (pre-Optional code)\n\n### SQL\n- String concatenation in queries → Security CRITICAL\n- `SELECT *` → Performance\n- Missing WHERE on UPDATE/DELETE → Security CRITICAL\n- No LIMIT on user-facing queries → Performance\n- Missing indexes for JOIN columns\n\n---\n\n## Advanced Techniques\n\n### Reviewing for Business Logic\nBeyond code quality, check:\n- Does the code match the PR description / ticket requirements?\n- Are there edge cases the spec didn't mention?\n- Could this break existing functionality?\n- Is there a simpler way to achieve the same result?\n\n### Reviewing for Operability\n- Can this be debugged in production? 
(logging, error messages)\n- Can this be rolled back safely?\n- Are feature flags needed?\n- What monitoring should accompany this change?\n\n### Reviewing Database Changes\n- Is the migration reversible?\n- Will it lock tables during migration?\n- Are there indexes for new query patterns?\n- Is there a data backfill needed?\n\n### Security Review Depth Levels\n| Level | When | What |\n|-------|------|------|\n| Quick | Internal tool, trusted input | OWASP Top 10 patterns only |\n| Standard | User-facing feature | + auth, input validation, output encoding |\n| Deep | Payment, auth, PII handling | + crypto review, session management, audit logging |\n| Threat Model | New service/API surface | + attack surface mapping, trust boundaries |\n\n---\n\n## Integration Patterns\n\n### GitHub PR Review\n```bash\n# Get PR diff\ngh pr diff 42 --repo owner/repo\n\n# Get PR details\ngh pr view 42 --repo owner/repo --json title,body,files,commits\n\n# Post review comment\ngh pr review 42 --repo owner/repo --comment --body \"review content\"\n\nLocal Git Review\n# Review staged changes\ngit diff --cached\n\n# Review branch vs main\ngit diff main..HEAD\n\n# Review last N commits\ngit log -5 --oneline && git diff HEAD~5..HEAD\n\nHeartbeat / Cron Integration\nCheck for open PRs in [repo] that I haven't reviewed yet.\nFor each, run a SPEAR review and post the results as a PR comment.\n\nEdge Cases & Gotchas\nLarge PRs (>500 lines): Break into logical chunks. Review file-by-file. Flag the PR size itself as a finding (Architecture: \"PR too large — consider splitting\").\nGenerated code: Skip generated files (proto, swagger, migrations from ORMs). 
Note that you skipped them.\nDependency updates: Focus on breaking changes in changelogs, not the lockfile diff.\nMerge conflict markers: Flag immediately as CRITICAL — <<<<<<< in code means broken merge.\nBinary files: Note presence, can't review content.\nConfig changes: Extra scrutiny — wrong env var = production outage.\nRefactors: Verify behavior preservation. Check if tests still pass conceptually.\nReview Checklist (Quick Mode)\n\nFor fast reviews when full SPEAR isn't needed:\n\n- No hardcoded secrets or credentials\n- No SQL injection / XSS / path traversal\n- All errors handled (no empty catch, no discarded errors)\n- No N+1 queries or unbounded operations\n- Tests exist for new/changed logic\n- No console.log / print / fmt.Print left in\n- Functions under 50 lines, files under 300 lines\n- Types are specific (no any / interface{})\n- PR description matches the actual changes\n- No TODOs without linked issues"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/1kalin/afrexai-code-reviewer",
    "publisherUrl": "https://clawhub.ai/1kalin/afrexai-code-reviewer",
    "owner": "1kalin",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/afrexai-code-reviewer",
    "downloadUrl": "https://openagent3.xyz/downloads/afrexai-code-reviewer",
    "agentUrl": "https://openagent3.xyz/skills/afrexai-code-reviewer/agent",
    "manifestUrl": "https://openagent3.xyz/skills/afrexai-code-reviewer/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/afrexai-code-reviewer/agent.md"
  }
}