pr-review
by Glucksberg · v2.0.1
1469 Downloads · 0 Stars · 5 Active Installs · 3 Versions
Install in OpenClaw
/install pr-review
Description
Find and fix code issues before publishing a PR. Single-pass review with auto-fix. Use when reviewing code changes before submission or auditing existing cod...
Usage Guidance
This skill is coherent for its stated purpose: it will read your repository (git diff, config files, source files) and apply automatic fixes above configured confidence thresholds. Things to consider before running:
- Back up or commit your branch first (run on a feature branch) so you can review or revert changes.
- Review the diffs after the run (git diff --stat and full diff) and run your tests before pushing.
- Note the auto-fix behavior: Diff mode auto-fixes issues scoring >=70 and Audit mode >=80 — adjust your expectations accordingly.
- If you don't want the agent to edit files without explicit approval, require confirmation or run the tool in a dry-run/report-only mode.
- The skill is instruction-only (no external installers), reads only repo files, and requests no cloud credentials — there are no obvious indicators of secret exfiltration or out-of-scope access.
- Minor naming inconsistency: documentation refers to 'pre-review' commands while the skill is named 'pr-review' — confirm command names when installing/invoking.
If you want extra assurance, run it on a non-production copy of the repo first and inspect the changes before trusting it on critical branches.
Capability Analysis
Type: OpenClaw Skill
Name: pr-review
Version: 2.0.1
The skill is classified as suspicious due to the broad permissions granted to the AI agent, specifically `Read`, `Edit`, `Write` access to files, and `Bash(git *)` execution capabilities, as defined in `plugins/pre-review/commands/code-audit.md` and `plugins/pre-review/commands/pre-review.md`. While these permissions are necessary for the skill's stated purpose of automatically reviewing and fixing code, they represent a significant attack surface. There is no evidence of intentional malicious behavior (e.g., data exfiltration, persistence, or unauthorized remote control) within the provided instructions, but the inherent power to modify user files and execute `git` commands could be exploited if the agent's instructions were subverted.
Capability Assessment
Purpose & Capability
The skill is named pr-review and its instructions implement a 'pre-review' workflow: running git diffs, reading project config (eslint, tsconfig, CLAUDE.md), analyzing files, and applying fixes. Requiring the git binary and reading repository files is proportionate to the stated purpose. Minor naming inconsistency: the docs and commands mostly refer to 'pre-review' while the skill name is 'pr-review', but this is likely cosmetic.
Instruction Scope
The SKILL.md explicitly instructs the agent to read repository files, run git diff/blame, analyze code, and perform in-place auto-fixes above configured confidence thresholds (>=70 for diff mode, >=80 for audit). Reading project configuration files (CLAUDE.md, .eslintrc*, package.json) is expected for guideline-aware review. The notable operational risk is that the skill will edit repository files automatically — users should expect and review changes (git diff) after running. There are no instructions to read system-wide files or environment secrets outside the repository.
Install Mechanism
This is an instruction-only skill with no install spec or code files that execute arbitrary downloads. That minimizes install-time risk; nothing is fetched from external URLs or written to disk by an installer.
Credentials
The skill declares no required environment variables, credentials, or config paths outside the repo. The files it reads (repo config and project files) are appropriate for a code-review tool. There are no requests for unrelated cloud or service credentials.
Persistence & Privilege
always:false (normal). The skill is allowed to run autonomously by default (platform default) and its instructions include making edits to repository files. Autonomous invocation combined with auto-edit behavior increases the practical blast radius: consider requiring explicit confirmation before allowing edits or running the skill on a disposable branch. The skill does not request persistent system-wide privileges or modify other skills.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install pr-review
- After installation, invoke the skill by name or use /pr-review
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.1
Remove model-specific references from description
v2.0.0
v2.0.0: Simplified to single-pass review. Dropped 8-agent orchestration (5 Sonnet + 3 Haiku) in favor of one capable model pass. 10x cheaper, 5x faster. Keeps both diff/audit modes and auto-fix.
v1.0.0
Initial release. Unified pre-review and code-audit into single skill with smart mode detection.
Frequently Asked Questions
What is pr-review?
Find and fix code issues before publishing a PR. Single-pass review with auto-fix. Use when reviewing code changes before submission or auditing existing cod... It is an AI Agent Skill for Claude Code / OpenClaw, with 1469 downloads so far.
How do I install pr-review?
Run "/install pr-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is pr-review free?
Yes, pr-review is completely free (open-source). You can download, install and use it at no cost.
Which platforms does pr-review support?
pr-review is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created pr-review?
It is built and maintained by Glucksberg (@glucksberg); the current version is v2.0.1.