Automated Code Review

381210 79861 Updated: 2026-07-09 00:20:19

"Autonomous Code Review" is a core AI code review agent capability built into OpenClaw, specifically designed to automate Git PR/MR code review workflows.

Install
npx skills add https://github.com/openclaw/openclaw --skill autoreview
Skill Details readonly

I. Core Positioning

It replaces manual reviewers to conduct the first round of pre-code review, fundamentally different from ESLint and other static scanning tools:
  • Static analysis tools only check syntax and formatting rules;
  • autoreview leverages large language models to comprehend business logic, code context and developer intent, capable of spotting logical flaws, security loopholes and architectural risks;
  • It integrates with GitHub/Gitee/GitLab Webhooks to trigger full automatic scans upon PR creation or updates, requiring zero manual invocation.

II. Full List of Review Capabilities

1. Code Validity & Logical Bug Detection

  • Null pointer exceptions, missing null checks, array out-of-bounds errors, invalid boundary value handling;
  • Missing exception handling for async functions, absent try/catch blocks;
  • Missing branch logic, unhandled return values, erroneous conditional judgments;
  • Type mismatches, implicit any types, incomplete type definitions.

2. Security Risk Scanning (Core Priority)

  • Hardcoded secret keys, plaintext passwords and exposed tokens;
  • SQL injection vulnerabilities, unvalidated user input, unsafe deserialization;
  • Privilege escalation risks, sensitive data leakage in logs, path traversal attacks;
  • Invocation of dangerous functions, API endpoints without identity authentication.

3. Performance Optimization & Code Standards

  • Nested loops, repeated database queries, memory leaks;
  • Inconsistent project coding styles, non-standard naming, missing explanatory comments;
  • Redundant code, duplicated logic, overly complex implementable logic;
  • Hardcoded fixed values and magic numbers.

4. Engineering Completeness Check

  • New or modified functions without matching unit test cases;
  • Undocumented public interfaces and newly added modules;
  • Breaking changes lacking backward compatibility for existing callers;
  • Unsynchronized updates to configuration files and environment variables.

5. Scope Governor (Exclusive Built-in Control Mechanism)

Prevent developers from sneaking irrelevant refactoring or architectural adjustments into small PRs:
  • Automatically block PRs with sudden surges in file changes or doubled line count without valid descriptions;
  • Force PR splitting if defects remain unresolved after multiple revision rounds;
  • Distinguish minor iterative updates from large architectural refactors to avoid bloated, unmanageable PRs.

III. Output Formats (Directly Submittable to Code Platforms)

  1. Line-level precise comments: pinpoint exact files and line numbers to flag defects;
  2. Structured summary report: categorize issues by severity (Critical / Normal / Optimization), with ready-to-copy fix code snippets attached;
  3. Automatic PR tags & status markers: auto-label tags including security-risk, missing-test, breaking-change;
  4. Export structured JSON reports for seamless integration with CI pipelines and alert systems.

IV. Multi-Model Support

Built-in switchable multiple review engines, allowing users to assign specific LLMs for in-depth analysis:
  • Compatible with GPT series, Claude, Copilot, Cursor, OpenCode, Gemini and more;
  • Configurable dual-model cross-review mode (e.g. Codex + Claude) to boost review accuracy.

V. Differences from GitHub Skill

  • GitHub Skill: Pure Git operation utility, solely responsible for pulling PR diffs, submitting comments and warehouse manipulation;
  • autoreview: The core AI review logic engine, tasked with code parsing, semantic AI analysis and generating professional review feedback;
  • Standard collaborative workflow: Webhook trigger → GitHub Skill pulls code changes → autoreview executes full review → GitHub Skill pushes review comments to the PR page.

VI. Typical Application Scenarios

  1. Team CI pipeline automation: Auto pre-review new PRs to block low-level flaws before manual review;
  2. Security audit after large-scale architectural refactoring;
  3. Reduce repetitive review workload for open-source project maintainers;
  4. Unattended overnight continuous risk scanning for existing legacy codebases;
  5. Standardize team coding rules to eliminate inconsistent judgment standards across different human reviewers.

VII. Limitations (Unsupported Capabilities)

  • Cannot deeply evaluate product business decisions or high-level architectural design quality;
  • Unable to identify performance bottlenecks that only surface under load testing;
  • Does not judge highly subjective stylistic preferences with unified objective standards;
  • Fails to spot business-specific logical defects without sufficient business context input.

One-Sentence Summary

autoreview is an AI automatic code review agent native to OpenClaw. It automatically fetches PR code diffs, conducts multi-dimensional deep semantic audits covering logic, security, performance, unit testing and coding standards, and submits line-specific repair suggestions to code repositories, drastically cutting repetitive manual review workload.