← Back to Skills Marketplace
ai-pr-doctor
by
zlszhonglongshen
· GitHub ↗
· v1.0.0
· MIT-0
59
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ai-pr-doctor
Description
AI PR 医生 - 自动诊断 GitHub PR 问题、修复 Bug、生成修复报告的端到端工作流。触发词:PR 诊疗、代码审查、修复 PR、PR 医生、自动合并。
README (SKILL.md)
AI PR 医生 (ai-pr-doctor)
GitHub PR → AI 代码审查 → 自动修复 → 合并 → 修复报告 → 飞书通知
🎯 解决痛点
- ❌ 团队 PR 堆积,没人及时 review
- ❌ 代码审查耗时,漏掉潜在 bug
- ❌ 简单修复(格式、测试)手动操作太繁琐
- ❌ 合并后没有记录,不知道修了什么
💡 解决方案
GitHub PR 链接/编号
↓
┌──────────────────┐
│ github │ → gh pr view 获取 PR 信息 + 代码diff
└────────┬─────────┘
↓
┌──────────────────┐
│ code-review-skill│ → 5维度 AI 并行审查:CLAUDE.md合规、Bug审计、
└────────┬─────────┘ Git历史分析、过往PR评论、代码注释合规
↓
┌──────────────────┐
│ auto-pr-merger │ → 尝试自动修复 + 重跑测试 + 自动合并
└────────┬─────────┘
↓
┌──────────────────┐
│ feishu_doc │ → 生成修复报告并发布至飞书文档
└──────────────────┘
📦 包含 Skills
| Skill | 作用 | 调用顺序 |
|---|---|---|
| github | 获取 PR 信息、代码diff、合并操作 | 1 |
| code-review-skill | 5维度 AI 并行代码审查 | 2 |
| auto-pr-merger | 自动修复 + 测试 + 合并 | 3 |
| feishu_doc | 生成诊疗报告并发布飞书 | 4 |
🔧 前置要求
- gh CLI 已安装并认证 (
gh auth status) - GitHub 仓库 可写(用于 auto-pr-merger push 修复)
- 飞书机器人 已配置 feishu_doc 权限
📝 使用方法
触发命令
/ai-pr-doctor \x3CPR_URL或编号>
诊断这个 PR
代码审查这个 PR
帮我看看这个 PR
完整命令
# 方式 1:通过 OpenClaw
openclaw run ai-pr-doctor --pr https://github.com/owner/repo/pull/123
# 方式 2:通过 cron 定时检查未合并的 PR
openclaw cron add \
--name "PR 待审查提醒" \
--schedule "0 10 * * 1-5" \
--skill ai-pr-doctor \
--params '{"mode":"check-pending","repo":"owner/repo"}'
🔄 工作流详情
Step 1: 获取 PR 信息
步骤: 1
技能: github
输入:
action: pr view
repo: ${repo_from_input}
pr_number: ${pr_number}
output: json
输出:
pr_title: ${title}
pr_body: ${body}
pr_state: ${state}
changed_files: ${files}
diff_url: ${diff_url}
author: ${user.login}
Step 2: AI 代码审查
步骤: 2
技能: code-review-skill
输入:
pr_url: ${pr_url}
review_dimensions:
- CLAUDE.md 合规性审查
- 浅层 Bug 扫描
- Git 历史上下文分析
- 过往 PR 评论对照
- 代码注释合规检查
output_format: structured_json
输出:
issues: ${issue_list}
severity_scores: ${scores}
review_summary: ${summary}
Step 3: 自动修复与合并
步骤: 3
技能: auto-pr-merger
输入:
pr: ${pr_url}
test: "npm test" # 可自定义测试命令
retries: 2
auto_merge_if_passed: true
输出:
fixed_files: ${files_modified}
test_results: ${test_output}
merge_result: ${merge_state}
Step 4: 生成修复报告
步骤: 4
技能: feishu_doc
输入:
action: create
title: "🔬 PR 诊疗报告 #${pr_number} | ${pr_title}"
content: ${report_markdown}
输出:
doc_url: ${docUrl}
doc_id: ${docId}
📊 输出示例:PR 诊疗报告
# 🔬 PR 诊疗报告 #123 | feat: 新增用户认证功能
**仓库**: owner/repo | **PR 链接**: https://github.com/owner/repo/pull/123
**作者**: @zhangsan | **审查时间**: 2026-04-25
---
## 📋 PR 概览
| 字段 | 值 |
|------|-----|
| 状态 | ✅ 已合并 |
| 文件变更 | +127 / -43 |
| 审查轮次 | 1 |
| 自动修复 | 2 处 |
---
## 🩺 AI 审查结果
### 🔴 严重问题 (2)
| # | 文件 | 行号 | 问题描述 |
|---|------|------|---------|
| 1 | src/auth/login.ts | L45 | SQL 注入风险:未使用参数化查询 |
| 2 | src/middleware/logger.ts | L12 | 敏感信息日志外泄 |
### 🟡 中等问题 (3)
| # | 文件 | 问题描述 |
|---|------|---------|
| 1 | src/auth/token.ts | Token 过期时间过长(30天,建议7天)|
| 2 | tests/login.test.ts | 测试覆盖率仅 45%,建议提升至 80% |
### 🟢 低优先级 (1)
| # | 问题 |
|---|------|
| 1 | 缺少 JSDoc 注释 |
---
## 🔧 自动修复记录
| 文件 | 修复内容 | 状态 |
|------|---------|------|
| src/utils/format.ts | Prettier 格式化 | ✅ |
| tests/login.test.ts | Jest 配置修复 | ✅ |
| src/auth/token.ts | Token 过期时间调整 | ⏭️ 跳过(需人工确认)|
---
## ✅ 合并结果
- **自动合并**: 成功
- **CI 状态**: 通过 🟢
- **审查通过**: 2/2 检查项
- **合并时间**: 2026-04-25 20:15 UTC
---
*由 AI PR Doctor 自动生成*
⚙️ 自定义配置
修改测试命令
编辑 workflow.json 中的 auto-pr-merger 配置:
{
"steps": [
{
"id": "step3_merge",
"skill": "auto-pr-merger",
"input": {
"test": "pytest tests/ -v",
"retries": 3
}
}
]
}
修改审查维度
{
"code_review": {
"dimensions": [
"security",
"performance",
"maintainability",
"test_coverage"
],
"severity_threshold": 50
}
}
⚠️ 注意事项
- 权限要求: auto-pr-merger 需要对仓库有写权限才能 push 修复
- 测试命令: 请根据实际项目修改测试命令,默认
npm test - 安全审查: 涉及安全的 PR 建议人工二次确认
- CI 依赖: 依赖 GitHub Actions 状态,建议开启 required checks
📞 故障排除
| 问题 | 原因 | 解决方案 |
|---|---|---|
| gh auth 失败 | 未登录 | 运行 gh auth login |
| 自动修复失败 | 代码冲突 | 手动解决冲突后重试 |
| PR 已被合并 | 无需处理 | 跳过此 PR |
| CI 未通过 | 测试失败 | 查看详细日志,手动修复 |
Usage Guidance
Before installing, confirm the following: (1) The skill needs GitHub credentials with push/merge rights and Feishu bot/token access even though the registry metadata doesn't declare them — only grant least privilege (repo-scoped write, not org-wide). (2) Running tests (npm test, pytest, etc.) executes PR code; run the skill in an isolated environment or with strict sandboxing and required checks enabled to avoid executing malicious PR code or leaking secrets. (3) Consider disabling automatic merging (set auto_merge:false) or require a manual approval step for any change touching sensitive files. (4) Inspect and verify the referenced sub-skills (code-review-skill, auto-pr-merger, feishu_doc, github) — ensure they are trusted and their credential usage is appropriate. (5) Prefer using short-lived tokens, required checks on CI, audit logging, and testing the workflow on a staging repo first. Ask the author/maintainer to update the metadata to declare required binaries (gh) and required environment variables/credentials so you can review exact privileges requested.
Capability Analysis
Type: OpenClaw Skill
Name: ai-pr-doctor
Version: 1.0.0
The bundle implements an automated GitHub PR 'doctor' workflow that includes high-risk capabilities such as executing arbitrary shell commands (via the 'test_command' input in workflow.json) and performing automated repository merges. While these behaviors are clearly aligned with the stated purpose in SKILL.md and README.md, the potential for remote code execution (RCE) if the test command is manipulated and the requirement for broad GitHub write permissions fall under the 'risky capabilities' threshold. No evidence of intentional malice, data exfiltration, or obfuscation was found across the analyzed files.
Capability Assessment
Purpose & Capability
The name/description match the workflow (fetch PR, review, attempt fixes, run tests, merge, post report). It correctly composes other skills (github, code-review-skill, auto-pr-merger, feishu_doc). However, the SKILL.md and workflow mention prerequisites (gh CLI installed and authenticated, GitHub repo write permission, Feishu bot credentials) that are not declared in the registry metadata/requirements — an inconsistency that should be explained by the author.
Instruction Scope
The instructions orchestrate fetching PR diffs, running an AI review, performing automatic fixes, executing test commands (e.g., npm test or pytest), and pushing merges. Running untrusted repository code (tests/builds/scripts) and performing automated pushes/merges are high-impact actions. While these actions are coherent with the skill's stated purpose, they materially increase risk (execution of arbitrary code in PRs, possible exfiltration via tests/CI, unintended merges). The SKILL.md gives broad discretion to auto-pr-merger (auto_merge_if_passed) and cron-based bulk processing, which amplifies risk if credentials or safeguards aren't tightly scoped.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is written to disk by the skill package itself.
Credentials
The workflow clearly requires GitHub authentication with write/push rights and Feishu credentials (bot/token/folder token), yet the registry metadata lists no required env vars or binaries. Inputs include a 'feishu_folder' token and rely on gh CLI being installed and authenticated, but these are not declared as required credentials. Missing declared credential requirements is an incoherence and makes it harder to assess least-privilege needs; it may lead users to supply overly broad tokens.
Persistence & Privilege
always:false (good), but the skill enables autonomous actions (default for skills) and includes an auto-merge step that will push changes and merge PRs when tests pass. Autonomous invocation plus the ability to push/merge and run repository tests increases blast radius if credentials are broad or the composed skills are untrusted. The workflow supports scheduled runs (cron), which could repeatedly operate across many PRs — again amplifying impact.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ai-pr-doctor - After installation, invoke the skill by name or use
/ai-pr-doctor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
ai-pr-doctor 1.0.0 released — an end-to-end workflow for automated AI code review and PR repair.
- Automatically diagnoses GitHub PR issues, attempts fixes, generates detailed repair reports, and merges PRs.
- Supports multi-dimensional AI review (compliance, bugs, history, comments, annotation checks).
- Integrates with Feishu for automated repair report publishing.
- Triggered by commands or scheduled cron; provides flexible configuration for review and test commands.
- Designed to reduce PR backlog, speed up review, and ensure traceable fixes.
Metadata
Frequently Asked Questions
What is ai-pr-doctor?
AI PR 医生 - 自动诊断 GitHub PR 问题、修复 Bug、生成修复报告的端到端工作流。触发词:PR 诊疗、代码审查、修复 PR、PR 医生、自动合并。 It is an AI Agent Skill for Claude Code / OpenClaw, with 59 downloads so far.
How do I install ai-pr-doctor?
Run "/install ai-pr-doctor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ai-pr-doctor free?
Yes, ai-pr-doctor is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does ai-pr-doctor support?
ai-pr-doctor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ai-pr-doctor?
It is built and maintained by zlszhonglongshen (@zlszhonglongshen); the current version is v1.0.0.
More Skills