code-review-assistant

Code Review Assistant

Automated code review assistant that analyzes GitHub pull requests, code diffs, and files for bugs, security issues, code quality, and best practices.

When to Use

USE this skill when:
  • User shares a GitHub PR URL and asks for a review
  • User wants to analyze code changes for bugs or issues
  • You need to check code for security vulnerabilities
  • Performing pre-merge code quality checks
  • Analyzing code for best practices and improvements
  • User wants feedback on a specific file or diff
DON'T use this skill when:
  • The user just wants a summary of what changed (use summarize)
  • User wants to merge PRs automatically (use git-ops for that)
  • Code is too large to analyze in one pass (ask user to narrow focus)

Setup

No additional setup required. Uses:
  • gh CLI for GitHub PR fetching (must be authenticated)
  • LLM for intelligent code analysis
Verify GitHub authentication:
bash
gh auth status

Usage

Review a GitHub Pull Request

bash
node /job/.pi/skills/code-review-assistant/review.js "https://github.com/owner/repo/pull/123"

Review from a branch diff

bash
node /job/.pi/skills/code-review-assistant/review.js --branch "feature-branch"

Review specific files

bash
node /job/.pi/skills/code-review-assistant/review.js --files "src/index.ts" "src/utils.ts"

Review from pasted diff

bash
node /job/.pi/skills/code-review-assistant/review.js --diff "diff content here"

Review with specific focus

bash
node /job/.pi/skills/code-review-assistant/review.js --focus security "https://github.com/owner/repo/pull/123"
node /job/.pi/skills/code-review-assistant/review.js --focus bugs "https://github.com/owner/repo/pull/123"
node /job/.pi/skills/code-review-assistant/review.js --focus best-practices "https://github.com/owner/repo/pull/123"

JSON output (for automation)

bash
node /job/.pi/skills/code-review-assistant/review.js --json "https://github.com/owner/repo/pull/123"

Quick inline check (for use in other skills)

bash
node /job/.pi/skills/code-review-assistant/quick-check.js "const x = 1;" javascript

Focus Areas

The review can focus on specific areas:
| Focus | Description |
| --- | --- |
| security | Security vulnerabilities, injection risks, exposed secrets |
| bugs | Logic errors, null pointer risks, race conditions |
| best-practices | Code style, performance, maintainability |
| performance | Performance issues, memory leaks, inefficient algorithms |
| all (default) | Full review covering all areas |

Output Format

Human-readable (default)

============================================================
Code Review: PR #123 - Add user authentication
============================================================
Repo: owner/repo
Author: @developer
Files changed: 3
Additions: 150 | Deletions: 20

--- Security Issues ---
⚠️ [HIGH] auth.js:45 - Hardcoded API key detected
   Consider using environment variables instead
   
✅ No other security issues found

--- Bugs ---
🐛 [MEDIUM] login.js:78 - Missing null check on user object
   Add defensive check before accessing user.email
   
🔍 [LOW] utils.js:12 - Unused variable 'temp'

--- Best Practices ---
💡 [LOW] auth.js:90 - Consider using const instead of let
   Variable 'token' is never reassigned

--- Summary ---
Overall: 1 high priority, 1 medium priority, 2 low priority issues
Recommendation: Address high and medium issues before merging
============================================================

JSON output

json
{
  "pr": {
    "url": "https://github.com/owner/repo/pull/123",
    "title": "Add user authentication",
    "repo": "owner/repo",
    "author": "@developer",
    "filesChanged": 3,
    "additions": 150,
    "deletions": 20
  },
  "issues": [
    {
      "severity": "high",
      "category": "security",
      "file": "auth.js",
      "line": 45,
      "message": "Hardcoded API key detected",
      "suggestion": "Consider using environment variables instead"
    },
    {
      "severity": "medium",
      "category": "bugs",
      "file": "login.js",
      "line": 78,
      "message": "Missing null check on user object",
      "suggestion": "Add defensive check before accessing user.email"
    }
  ],
  "summary": {
    "total": 4,
    "high": 1,
    "medium": 1,
    "low": 2,
    "recommendation": "Address high and medium issues before merging"
  }
}
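
A CI job that consumes this report should treat it as untrusted input, since the findings are produced by LLM analysis of the PR author's code. The following merge gate is an added example, not part of the skill's own code; it assumes the report keeps the shape of the sample above, and `gateReview`, `clean` and the exit-code mapping (0 pass, 1 blocking issues, 2 unusable report) are hypothetical names and choices.

```javascript
// Added example: merge gate over the --json report. Field names follow the
// sample report on this page; gateReview and clean are hypothetical helpers.
const SEVERITIES = ["high", "medium", "low"];

// Report strings derive from LLM analysis of the PR author's code: strip
// control characters before they reach a CI log.
const clean = (v) => String(v).replace(/[\x00-\x1f\x7f]/g, "?");

function gateReview(jsonText, failOn = ["high", "medium"]) {
  const fail = (reason) => ({ exitCode: 2, reason, blocking: [] });
  let report;
  try {
    report = JSON.parse(jsonText);
  } catch (err) {
    return fail("report is not valid JSON"); // fail closed, never pass by default
  }
  const summary = report && report.summary;
  if (!report || !Array.isArray(report.issues) || !summary || typeof summary !== "object") {
    return fail("report is missing issues[] or summary");
  }
  const blocking = [];
  for (const issue of report.issues) {
    if (!issue || !SEVERITIES.includes(issue.severity)) {
      return fail("issue with missing or unknown severity");
    }
    if (failOn.includes(issue.severity)) {
      blocking.push(`${clean(issue.file)}:${clean(issue.line)} [${issue.severity}] ${clean(issue.message)}`);
    }
  }
  // The summary may count more issues than issues[] lists; block on the gap too.
  for (const sev of failOn) {
    const listed = report.issues.filter((i) => i.severity === sev).length;
    const claimed = Number.isInteger(summary[sev]) ? summary[sev] : 0;
    if (claimed > listed) blocking.push(`summary counts ${claimed} ${sev} but issues[] lists ${listed}`);
  }
  const reason = blocking.length ? "blocking issues found" : "no blocking issues";
  return { exitCode: blocking.length ? 1 : 0, reason, blocking };
}

// Constructed input, trimmed from the sample report above.
const SAMPLE_REPORT = JSON.stringify({
  issues: [
    { severity: "high", category: "security", file: "auth.js", line: 45, message: "Hardcoded API key detected" },
    { severity: "medium", category: "bugs", file: "login.js", line: 78, message: "Missing null check on user object" },
  ],
  summary: { total: 4, high: 1, medium: 1, low: 2 },
});
console.log(gateReview(SAMPLE_REPORT));
```

The gate decides from the per-issue `severity` values and the summary counts, not from the free-text `recommendation` field.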

Common Workflows

Quick PR Review

User: Can you review this PR? https://github.com/owner/repo/pull/456
Agent: [Uses code-review-assistant to fetch PR and analyze]

Pre-merge Check

User: Run a security check on my branch before I submit
Agent: [Uses code-review-assistant with --focus security on branch]

Code Quality Review

User: What's the code quality like in these files?
Agent: [Uses code-review-assistant with --focus best-practices on files]

Integration with Other Skills

  • With git-ops: Get branch diffs and feed to review
  • With pr-description-generator: After review, generate PR description
  • With memory-agent: Store review findings for future reference
  • With email-agent: Email review results to team

Limitations

  • Requires gh CLI authentication for GitHub PRs
  • Large PRs may be truncated for analysis
  • Cannot review binary files or very large changesets
  • Some patterns may be false positives (LLM analysis)

Tips

  1. For large PRs: Ask user to narrow focus to specific files
  2. For security: Use --focus security for targeted reviews
  3. For automation: Use --json for CI/CD integration
  4. For quick checks: Use quick-check.js for inline code snippets