PR Review Assistant
by charlie-morrison · v1.0.0 · MIT-0
47 downloads · 0 stars · 0 active installs · 1 version
Install in OpenClaw
/install pr-review-assistant
Description
Automated pull request review providing detailed feedback on correctness, security, performance, maintainability, testing, and best practices.
Usage Guidance
This skill appears to be a small helper that collects diffs for an AI reviewer, but there are two things to be cautious about:
- Missing declared requirements: The script calls git and (optionally) gh but the skill metadata didn't list those binaries. Ensure git and gh are present and that gh is authenticated only with an account/token you trust.
- Overpromised AI behavior: SKILL.md claims advanced cross-file, repository-aware suggestions, but the included script only gathers diffs and stats. If you rely on the agent to perform in-depth review, inspect whatever AI-side code/config will run with this skill (the agent's model prompts and what files it will be allowed to read). Give the skill least privilege: run it locally first, confirm outputs, and restrict the agent's repository file access if possible.
Recommended actions before installing: run scripts/pr_review.py locally to confirm behavior, verify no unexpected network endpoints or credential usage are introduced at runtime, and if you enable autonomous invocation, limit its repository/file read scope and monitor gh authentication tokens used by the environment.
Capability Analysis
Type: OpenClaw Skill
Name: pr-review-assistant
Version: 1.0.0
The PR Review Assistant is a legitimate tool designed to collect git diff data for AI-assisted code reviews. The primary script, `scripts/pr_review.py`, uses safe subprocess calls with list-based arguments to interact with `git` and the GitHub CLI (`gh`), avoiding shell injection vulnerabilities. The documentation in `SKILL.md` is consistent with the code's functionality and contains no malicious instructions or prompt injection attempts.
Capability Assessment
Purpose & Capability
The skill's name and description (automated PR review) align with the included script, which collects diffs and file lists. However, SKILL.md and the script rely on git and optionally the GitHub CLI (gh), while the registry metadata lists no required binaries or credentials. SKILL.md also claims richer AI review capabilities ('understands project context', 'identifies patterns across multiple changed files', 'suggests specific fixes') that are not implemented in the included script (the script only gathers diffs/stats and prints them). The claimed capabilities and the actual artifacts are therefore inconsistent.
Instruction Scope
SKILL.md instructs running the included script and (optionally) using gh to fetch PR diffs. The instructions do not ask the agent to access unrelated system files or external endpoints. However, the 'AI Enhancement' section explicitly encourages the agent to use repository context beyond the diff; that would legitimately require reading repository files, which is expected for a reviewer but expands runtime scope. SKILL.md does not constrain which project files the agent may read, so an agent could end up reading any repo file if allowed.
Install Mechanism
There is no install spec (instruction-only with a small helper script). That minimizes install-time risk—nothing is downloaded or written by an installer.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. But the script invokes the GitHub CLI (gh) when a PR number is requested; gh requires authentication to GitHub (tokens/config stored elsewhere). The skill omits documenting that gh must be authenticated and does not request or declare a primary credential—this omission should be addressed so users know what permissions are needed.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges. It does not modify other skills or system settings. Autonomous invocation is allowed by default but is not combined with other high-risk indicators here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install pr-review-assistant
- After installation, invoke the skill by name or use /pr-review-assistant
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of PR Review Assistant—automates pull request review with structured feedback:
- Assesses code across correctness, security, performance, maintainability, testing, and best practices.
- Supports reviewing current branch, specific PRs, or staged changes.
- Allows focus on selected review areas via command-line flags.
- Outputs clear summaries with severity/risk and actionable recommendations.
- Can format reports as markdown, JSON, or GitHub comments.
- Enhanced review when used as an agent: understands project context, applies conventions, and suggests code fixes.
Frequently Asked Questions
What is PR Review Assistant?
Automated pull request review providing detailed feedback on correctness, security, performance, maintainability, testing, and best practices. It is an AI Agent Skill for Claude Code / OpenClaw, with 47 downloads so far.
How do I install PR Review Assistant?
Run "/install pr-review-assistant" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is PR Review Assistant free?
Yes, PR Review Assistant is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does PR Review Assistant support?
PR Review Assistant is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created PR Review Assistant?
It is built and maintained by charlie-morrison (@charlie-morrison); the current version is v1.0.0.