open-code-review
The open-code-review skill provides an interface to the ocr CLI tool for performing AI-powered code reviews on Git repositories. It supports reviewing staged, unstaged, and untracked changes, specific commits, or branch comparisons. The skill generates line-level comments, classifies issues by priority, and supports automatic code fixes.
Is open-code-review safe to install?
Review the source first: our audit of open-code-review's source files found 10 shell commands, 1 external URL, file reads and writes (high risk). Every command and URL listed appears verbatim in the skill's source. The skill executes shell commands, reads local Git repository files, and makes network requests to configured LLM API endpoints.
How we audit skills: our security review methodology.
Who is this skill for?
Developers and AI agents requiring automated code quality analysis, security vulnerability detection, and performance optimization within Git-based workflows.
What can you do with it?
- Reviewing current workspace changes for bugs and quality issues
- Analyzing specific commits for code improvements
- Comparing branches to identify regressions or quality gaps
- Applying automated code fixes based on review findings
- Enforcing project-specific coding rules via custom configuration files
How good is this skill?
Quality score: 5/10. The skill documentation is comprehensive, providing clear installation steps, command examples, and a structured workflow for agents to follow.
What does the skill file contain?
# Open Code Review A skill for invoking [open-code-review](https://github.com/alibaba/open-code-review) (`ocr`) — an open-source AI code review CLI that reads Git diffs and generates structured, line-level review comments. ## Prerequisites check Before starting a review, verify the environment: ```bash # 1. Check the CLI is installed which ocr || echo "NOT INSTALLED" # 2. Verify LLM connectivity ocr llm test ``` If `ocr` is not installed, install it first: ```bash npm install -g @alibaba-group/open-code-review ``` If `ocr llm test` fails, the user must configure an LLM. Guide them with...
Frequently asked questions
What are the prerequisites for using this skill?
The user must install the ocr CLI via npm or a GitHub release binary and configure an Anthropic or OpenAI-compatible LLM.
How does the skill handle business context?
The skill accepts business context via the --background or -b flag, which it passes to the ocr CLI to improve the quality of the generated review.
Can the skill automatically apply fixes?
Yes, the skill can apply fixes directly to the code, but it must request user permission unless the user explicitly requested a 'review and fix' operation.
How are review results prioritized?
The skill classifies comments into High, Medium, and Low priority based on the nature of the issue, such as bugs, security vulnerabilities, or style suggestions.
Related skills
gws-workflow-email-to-task
17.9KUsers who manage tasks directly from their Gmail inbox via the command line
The gws-workflow-email-to-task skill converts a Gmail message into a Google Tasks entry using the gws CLI tool.
gws-workflow-meeting-prep
17.5KUsers who manage schedules and meeting preparation via the Google Workspace CLI
The gws-workflow-meeting-prep skill retrieves agenda, attendee, and document information for the next upcoming Google Calendar event.
wecomcli-meeting
10.7KUsers of the WeCom platform who need to manage their meeting schedules through an AI agent interface
The wecomcli-meeting skill provides management capabilities for WeCom meetings, including creating, listing, retrieving details, canceling, and updating meeting participants via the wecom-cli command-line tool.
react-email
6.0KDevelopers building transactional or marketing emails who want to use React components and Tailwind CSS for styling
React Email provides a framework for building and sending HTML emails using React components. It includes a development server for previewing templates, a library of email-specific components, and an embeddable visual editor.