home / skills / openharmonyinsight / openharmony-skills / ai-generated-business-code-review
This skill evaluates AI-generated business code quality, scores 0-10, assesses risk, and generates must-fix items with concrete evidence.
npx playbooks add skill openharmonyinsight/openharmony-skills --skill ai-generated-business-code-reviewReview the files below or copy the command above to add this skill to your agents.
---
name: ai-generated-business-code-review
description: Use when reviewing or scoring AI-generated business/application code quality in any language, especially when a numeric score, risk level, or must-fix checklist is requested, or when C++ code must comply with OpenHarmony C++ and security standards
---
# AI Business Code Review
## Overview
Review AI-generated business/application code for correctness, robustness, maintainability, performance, and security. Output a 0-10 score, a risk level, and a must-fix checklist. For C++ code, **REQUIRED**: use `openharmony-cpp` and `openharmony-security-review` as hard constraints.
## When to Use
- AI-generated business/app code review or quality evaluation
- Need scoring, risk level, or must-fix checklist
- C++ business code must meet OpenHarmony coding/security requirements
## Workflow
1. Identify language and code type (business vs test). If test code, use `ai-generated-ut-code-review` instead.
2. For C++: load and apply `openharmony-cpp` + `openharmony-security-review` as mandatory constraints.
3. Inspect behavior vs requirements, edge cases, error handling, resource management, and security.
4. Score by rubric, assign risk level, list must-fix items with concrete evidence (file/line or snippet).
## Scoring (0-10)
Each dimension 0-2 points. Sum = total score.
| Dimension | 0 | 1 | 2 |
| --- | --- | --- | --- |
| Correctness | Wrong/missing key behavior | Partial/assumptions | Meets requirements |
| Robustness | Crashes/leaks/unchecked errors | Some edge handling | Solid edge/error handling |
| Maintainability | Hard to read/modify | Mixed quality | Clear structure & naming |
| Performance | Inefficient hot paths | Acceptable but improvable | Efficient for expected load |
| Security | Clear vulnerabilities | Weak validation/unsafe | Safe-by-default, validated |
## Risk Levels
- **Blocker**: security漏洞、严重逻辑错误、或违反 C++ 强制规范
- **High**: 关键路径缺失、异常处理不完整、明显资源泄漏
- **Medium**: 维护性或性能风险显著
- **Low**: 轻微问题或风格一致性
## Must-Fix Checklist
- 外部输入有明确校验与错误反馈
- 关键异常路径可达且可观测(日志/错误码/异常)
- 资源释放或 RAII 保证(C++)
- C++ 场景满足 `openharmony-cpp` 与 `openharmony-security-review`
## AI-Generated Code Pitfalls (Check Explicitly)
- 需求误解、隐含前提错误
- 只覆盖 happy-path,忽略异常/边界
- 吞异常或默认值不合理
- 复制粘贴造成重复与不一致
- 过度复杂化或抽象错误
## Output Format (Required, Semi-fixed)
- `Score`: x/10 — Correctness x, Robustness x, Maintainability x, Performance x, Security x
- `Risk`: Low/Medium/High/Blocker — 简述风险原因(1 行)
- `Must-fix`:
- [动作 + 证据]
- [动作 + 证据]
- `Key Evidence`:
- 引用具体函数/类/路径(1-2 条)
- `Notes`:
- 最小修复建议或替代方案(1-2 行)
**Rules:**
- C++ 必须在 `Key Evidence` 或 `Must-fix` 中明确指出违反 `openharmony-cpp`/`openharmony-security-review` 的点
- 至少 2 条证据;证据不足需说明并降分
- 禁止只给总体评价
## Common Mistakes
- 只给总体评价,不给证据
- 忽略 C++ 强制规范
- 将风格问题当作阻断风险
## Example (Concise)
Score: 6/10 (Correctness 1, Robustness 1, Maintainability 1, Performance 1, Security 2)
Risk: High
Must-fix:
- Missing input validation in `createUser()` (null/empty, length, format)
- Error path swallows exceptions without logging
Key Evidence:
- `createUser()` accepts raw input without checks
- `catch` block is empty in `persistUser()`
Notes:
- Add explicit validation and return structured errors.
This skill evaluates AI-generated business and application code for correctness, robustness, maintainability, performance, and security. It produces a numeric 0–10 score, a concise risk level, and a must-fix checklist with concrete evidence. For C++ code, it enforces OpenHarmony C++ and OpenHarmony security review constraints as mandatory checks.
I identify the language and whether the code is business logic or test code, and refuse test-code reviews in favor of a unit-test review workflow. I inspect behavior against requirements, edge cases, error handling, resource management, and security controls. For C++ code I apply openharmony-cpp and openharmony-security-review as hard constraints and flag any violations in evidence and must-fix items.
What does the numeric score represent?
A sum of five dimensions (Correctness, Robustness, Maintainability, Performance, Security) each scored 0–2, totaling 0–10.
How are C++ OpenHarmony issues reported?
Any OpenHarmony C++ or OpenHarmony security violation is called out explicitly in Must-fix and Key Evidence and may raise the risk to Blocker.
What counts as sufficient evidence?
At least two citations of functions, classes, file paths, line ranges, or code snippets showing the issue; otherwise the score is reduced.