From openclaw-cc
<!-- AUTO-GENERATED from SKILL.md.tmpl — do not edit directly. Run: node scripts/gen-skill-docs.mjs -->
How this skill is triggered — by the user, by Claude, or both
Slash command
/openclaw-cc:code-review
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
name: code-review
description: >
  Multi-pass code review with scope drift detection and Fix-First heuristic. Triggers on "코드 리뷰", "리뷰해줘", "PR 확인", "code review", "review this", "check my code", "review PR", "코드 검토". Pass 1 auto-fixes mechanical issues; Pass 2 security audit; Pass 3 flags judgment-required items. WTF-likelihood safety gate.
allowed-tools:
Before executing this skill:
Load context from memory:
memory_search(query: "{skill-relevant-query}", associative: true, limit: 5)
memory_search(tag: "{skill-name}", limit: 3)
Review returned memories for relevant past context, decisions, and patterns.
Check OMC state for active work:
state_get_status()
If conflicting active tasks exist, warn the user before proceeding.
Detect current branch (for git-related skills):
git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "not-a-git-repo"
Check proactive mode:
state_read("occ-proactive")
If "false": do NOT proactively suggest other OpenClaw-CC skills during this session.
Only run skills the user explicitly invokes.
Log skill activation:
memory_daily_log(type: "note", entry: "Skill activated: /{skill-name}")
Before starting work, load relevant context from the 3-layer memory system:
# Search for related past work
memory_search(query: "{task description}", associative: true, limit: 5)
# Search by relevant tags
memory_search(tag: "{relevant-tag}", limit: 3)
# Check for recent related daily logs
memory_search_date(start: "{7 days ago}", end: "{today}", category: "daily-logs", limit: 5)
Use retrieved context to:
If critical related memories exist, summarize them before proceeding:
Found {N} related memories:
- {memory_1 title}: {brief relevance}
- {memory_2 title}: {brief relevance}
git branch --show-current
If on base branch: "Nothing to review — you're on the base branch." Stop.
Detect the correct base branch for diff and PR operations:
# Method 1: Check if there's an existing PR for this branch
BASE=$(gh pr view --json baseRefName -q .baseRefName 2>/dev/null)
# Method 2: Check repo default branch
if [ -z "$BASE" ]; then
  BASE=$(gh repo view --json defaultBranchRef -q .defaultBranchRef.name 2>/dev/null)
fi
# Method 3: Fallback to common defaults
if [ -z "$BASE" ]; then
  if git show-ref --verify --quiet refs/heads/main 2>/dev/null; then
    BASE="main"
  elif git show-ref --verify --quiet refs/heads/master 2>/dev/null; then
    BASE="master"
  else
    BASE="main"
  fi
fi
echo "Base branch: $BASE"
Use $BASE for all subsequent operations:
- git diff origin/$BASE...HEAD — Changes on this branch
- git log origin/$BASE..HEAD — Commits on this branch
- gh pr create --base $BASE — PR targeting correct branch
git fetch origin $BASE --quiet
git diff origin/$BASE --stat
If no diff: stop.
Before reviewing code quality, check: did they build what was requested?
Read TODOS.md (if exists). Read PR description (gh pr view --json body -q .body 2>/dev/null).
Read commit messages (git log origin/$BASE..HEAD --oneline).
Identify the stated intent — what was this branch supposed to accomplish?
Compare files changed against stated intent.
Evaluate:
- SCOPE CREEP: Files changed unrelated to intent. "While I was in there..." changes.
- MISSING REQUIREMENTS: Requirements not addressed in the diff. Partial implementations.
Output:
Scope Check: [CLEAN / DRIFT DETECTED / REQUIREMENTS MISSING]
Intent: <1-line summary>
Delivered: <1-line summary of what diff actually does>
This is INFORMATIONAL — does not block the review.
code-reviewer (opus)
Pre-review diagnostics via OMC tools:
# Run LSP diagnostics on all changed directories
lsp_diagnostics_directory("<changed-directory>")
# Search for known anti-patterns via AST
ast_grep_search(pattern: "$FUNC($$$ARGS)", lang: "typescript")
Use LSP/AST findings to inform the code-reviewer agent delegation.
Agent(subagent_type: "oh-my-claudecode:code-reviewer", prompt: "
Review diff: git diff origin/$BASE
Check: SQL injection, XSS, CSRF, secrets, race conditions, magic numbers,
dead code, stale comments, N+1 queries, style violations.
Classify each finding:
- AUTO-FIX: Safe to fix automatically (dead code, style, stale comments)
- ASK: Requires judgment (architecture, security tradeoffs, API design)
Auto-fix all AUTO-FIX items. Report: [AUTO-FIXED] [file:line] Problem → Fix
")
security-reviewer (parallel)
Run in parallel with Pass 1:
Agent(subagent_type: "oh-my-claudecode:security-reviewer", prompt: "
Security audit: git diff origin/$BASE
Check OWASP Top 10, secrets exposure, unsafe deserialization,
dependency vulnerabilities, auth/authz gaps.
Report severity-rated findings. Do NOT auto-fix.
")
Merge results from both agents. For each ASK item, present via AskUserQuestion:
Auto-fixed {N} issues. {K} need your input:
1. [CRITICAL] file:line — Problem description
Fix: Recommendation
→ A) Fix B) Skip
2. [INFORMATIONAL] file:line — Problem description
Fix: Recommendation
→ A) Fix B) Skip
RECOMMENDATION: {overall recommendation}
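How a Pass 2 secrets finding can be tied to the file:line the report uses, reporting only and never auto-fixing: this is an added example, not code from the openclaw-cc skill or its agents. The patterns, the function names `scan_diff` and `format_findings`, the blanket CRITICAL rating and the sample diff are assumptions constructed for illustration.

```python
import re

# Illustrative patterns only (assumptions, not the skill's or its agents' rule set).
SECRET_PATTERNS = {
    "AWS access key ID": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hard-coded credential": re.compile(
        r"(?i)(?:password|passwd|secret|api_?key|token)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed `git diff` output; the key is AWS's published documentation example.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,3 +10,5 @@ DEBUG = False
 DB_HOST = "db.internal"
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+# TODO: move the password back to the environment
+DB_PASSWORD = "constructed-example-pw"
+AWS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
 TIMEOUT = 30
"""

def scan_diff(diff_text):
    """Return (file, new-file line number, label) for added lines that look like secrets."""
    findings, path, lineno, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False                      # next file: headers follow
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].strip().removeprefix("b/")
        elif (m := HUNK.match(line)):
            lineno, in_hunk = int(m.group(1)), True
        elif in_hunk and line.startswith("+"):   # only added lines are scanned
            for label, rx in SECRET_PATTERNS.items():
                if rx.search(line[1:]):
                    findings.append((path, lineno, label))
            lineno += 1
        elif in_hunk and (line.startswith(" ") or line == ""):
            lineno += 1                          # context line exists in the new file
    return findings                              # "-" lines never advance the counter

def format_findings(findings):
    # The matched value is deliberately not echoed into the review output.
    return [f"[CRITICAL] {p}:{n} {label}" for p, n, label in findings]

if __name__ == "__main__":
    print("\n".join(format_findings(scan_diff(SAMPLE_DIFF))))
```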
Cross-reference diff against .md files in repo root:
Before producing final output:
| Action | Risk Delta |
|---|---|
| Revert a file | +15% |
| Modify 3+ files | +5% per file beyond 3 |
| Change public API | +10% |
| Modify test fixtures | +5% |
| Touch configuration | +8% |
═══════════════════════════════════════
Code Review Report
═══════════════════════════════════════
Scope Check: {CLEAN/DRIFT/MISSING}
Pass 1 — Auto-Fixed: {N} issues across {M} files
Pass 2 — Security: {K} findings ({severity breakdown})
Pass 3 — Flagged: {J} items requiring decision
Doc Staleness: {any stale docs}
WTF-Likelihood: {percentage}%
Overall Health: {Good / Needs Attention / Significant Issues}
═══════════════════════════════════════
After completing the workflow, persist results to the 3-layer memory system:
Log completion to daily log:
memory_daily_log(type: "done", entry: "{skill-name}: {brief result summary}")
Store significant findings (importance ≥ 6):
memory_store(
category: "{appropriate category}",
title: "{descriptive title}",
content: "{structured result content}",
tags: ["{skill-name}", "{project}", "{relevant-tags}"],
importance: {6-10 based on significance}
)
Link to related memories (if applicable):
memory_link(source: "{new_memory_id}", target: "{related_id}", relation: "{related|derived|refines}")
| Content Type | Category | Subcategory |
|---|---|---|
| Bug fix / debugging | knowledge | debugging |
| Code review results | projects | {project-name} |
| Design decisions | projects | {project-name} |
| Research findings | knowledge | {topic} |
| Release / deploy | projects | {project-name} |
| Person-related info | people | — |
| Task / action item | tasks | — |
Every skill must end with one of these status codes:
| Code | Meaning | When to Use |
|---|---|---|
| DONE | All steps completed, evidence provided | Root cause found + fix verified, PR created, review finished |
| DONE_WITH_CONCERNS | Completed with warnings or caveats | Tests pass but coverage dropped, fix applied but can't fully verify |
| BLOCKED | Cannot proceed, requires user intervention | 3 failed attempts, missing permissions, external dependency down |
| NEEDS_CONTEXT | Missing information to continue | Unclear requirements, need user clarification |
3-strike rule: After 3 failed attempts at any step, STOP and escalate to user. Do not continue guessing. Present what was tried and ask for direction.
Scope escalation: If fix/change touches 5+ files unexpectedly, pause and confirm with the user before proceeding.
Security uncertainty: If you are unsure about a security implication, STOP and escalate. Never guess on security.
Verification requirement: Never claim DONE without evidence.
═══════════════════════════════════════
Status: {DONE | DONE_WITH_CONCERNS | BLOCKED | NEEDS_CONTEXT}
Summary: {one-line description of outcome}
Evidence: {test output, verification results, or blocking reason}
═══════════════════════════════════════
npx claudepluginhub kit4some/oh-my-claudeclaw --plugin openclaw-cc