PR Review Factory
by zlszhonglongshen · v1.0.0 · MIT-0
45 Downloads · 0 Stars · 0 Active Installs · 1 Version
Install in OpenClaw
/install pr-review-factory
Description
Automated code review factory: end-to-end automation of GitHub PR review, from submission through fixes to merge, as a one-stop quality gate.
Usage Guidance
Before installing, verify and limit privileges:
1) Ask the publisher for clarification about required env vars (SKILL.md mentions GITHUB_TOKEN but metadata lists none) and for the source/homepage.
2) Use a least-privilege credential: prefer a fine-grained GitHub App or token scoped only to the specific repo and actions needed (issues, workflows, PR updates), avoid org-level or admin tokens.
3) Review generated GitHub Actions workflows and CI templates before they are committed/deployed — workflows can execute PR code and could be abused.
4) Test the skill on a non-production or forked repo first.
5) Confirm the provenance/trustworthiness of the referenced sub-skills (code-review-skill, github-issues-skill, github-actions-templates) — they are orchestrated but not included, so their behavior matters.
6) If you require automatic merging, consider adding a manual approval step or restrict merges to specific maintainers.
If you cannot verify the publisher or the downstream skills, avoid granting admin-level repo access.
Capability Analysis
Type: OpenClaw Skill
Name: pr-review-factory
Version: 1.0.0
The pr-review-factory skill bundle is a legitimate automation tool designed to orchestrate GitHub Pull Request workflows. It leverages standard skills (code-review-skill, github-issues-skill, and github-actions-templates) to perform multi-dimensional code analysis, track blocking issues, and configure CI/CD quality gates. The requested permissions (GITHUB_TOKEN) and actions (creating issues, modifying workflows) are entirely consistent with its stated purpose of DevOps automation, and no indicators of malicious intent, data exfiltration, or harmful prompt injection were found across the SKILL.md or workflow.json files.
Capability Assessment
Purpose & Capability
The skill claims to automate full PR lifecycle (review → issues → CI → merge). That purpose legitimately requires GitHub API access and the ability to create workflows and issues; these capabilities align with the stated purpose. However, the skill metadata declares no required environment variables or credentials while the SKILL.md explicitly says a GITHUB_TOKEN is required — an inconsistency.
Instruction Scope
SKILL.md instructs the agent to fetch PR diffs, create Issues, configure/deploy GitHub Actions workflows, check branch protection, and automatically mark/merge PRs. These actions operate on the user's repos and can change repository settings and add CI workflows. The instructions do not declare any external endpoints beyond GitHub or request unrelated local files, but they grant broad discretion to modify repo state (including deploying workflows) which can execute code from PRs. The missing explicit declaration of required credentials in the metadata increases risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — nothing is written to disk by the skill itself. That reduces installation risk; all runtime behavior is orchestration of other (named) skills.
Credentials
The skill requires a GitHub token with repo read/write and possibly admin permissions (to deploy workflows and mark/merge PRs), but the registry metadata lists no required env vars or primary credential. Declaring no credentials while the instructions require GITHUB_TOKEN is a notable mismatch. Granting a token with repo-admin or org-level rights would be disproportionate unless you trust the skill and its components.
Persistence & Privilege
always:false and normal autonomous invocation are used (no forced inclusion). The skill will modify repository state (issues, workflows, PR merge status) if given permission — this is expected for its purpose but constitutes high-impact privileges within the repo. There's no indication the skill will persist beyond normal operation or alter other skills' configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install pr-review-factory
- After installation, invoke the skill by name or use /pr-review-factory
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
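pr-review-factory 1.0.0 initial release:
- Implements the full automated GitHub PR review workflow, including structured code review, turning findings into Issues, assigning responsibility, CI workflow verification, and automatic merging.
- Supports 5 core review dimensions: correctness, security, readability, performance, and maintainability.
- Automatically creates and assigns GitHub Issues to track review findings, closing the loop on fixes.
- Quality gate control: a PR can be auto-merged only after all Blocking issues are fixed.
- Provides multiple trigger methods to suit different review scenarios.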
Frequently Asked Questions
What is PR Review Factory?
Automated code review factory: end-to-end automation of GitHub PR review, from submission through fixes to merge, as a one-stop quality gate. It is an AI Agent Skill for Claude Code / OpenClaw, with 45 downloads so far.
How do I install PR Review Factory?
Run "/install pr-review-factory" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is PR Review Factory free?
Yes, PR Review Factory is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does PR Review Factory support?
PR Review Factory is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created PR Review Factory?
It is built and maintained by zlszhonglongshen (@zlszhonglongshen); the current version is v1.0.0.