pr-reviewer

by Brian Colinger · GitHub ↗ · v1.0.1
Platform: cross-platform · Security scan: ⚠ suspicious
Downloads: 7413 · Stars: 0 · Active Installs: 55 · Versions: 2
Install in OpenClaw
/install pr-reviewer
Description
Automated GitHub PR code review with diff analysis, lint integration, and structured reports. Use when reviewing pull requests, checking for security issues,...
Usage Guidance
Install only if you are comfortable reviewing or patching the script first. Use least-privilege GitHub credentials, keep report paths inside the workspace, and review the generated markdown before running `post`. Do not run it on untrusted PRs until filename handling is changed to pass data through stdin, JSON, or command-line arguments instead of interpolating it into shell command lines or Python source.
Capability Analysis
Type: OpenClaw Skill
Name: pr-reviewer
Version: 1.0.1

The OpenClaw skill `pr-reviewer` automates GitHub PR code review using the `gh` CLI and Python. It is classified as suspicious because of exploitable weaknesses in how it handles untrusted input, not because of malicious intent. Two findings drive the classification.

Unrestricted write paths: `scripts/pr-review.sh` writes its state file and report output to whatever `PR_REVIEW_STATE` and `PR_REVIEW_OUTDIR` point at, with no sanitization and no check that the path stays inside the workspace, so a value such as `/etc/passwd` becomes an arbitrary file write. The risk is real whenever the environment can be influenced by something other than the user running the review, for example a CI job, a wrapper script, or an agent that sets variables from untrusted input.

Command injection in `run_local_lint`: filenames taken from the PR are expanded into the `ruff` and `golangci-lint` command lines without sanitization, and PR-derived filenames are also interpolated into Python source passed to `python3 -c`. A PR that adds a file whose name contains shell or Python metacharacters can therefore execute arbitrary commands on the machine of whoever runs the review.

No evidence of intentional data exfiltration, persistence, or obfuscation was found.
Capability Assessment
Purpose & Capability
Automated GitHub PR review, diff analysis, local linting, report generation, and optional PR commenting are coherent with the stated purpose.
Instruction Scope
Main actions are user-invoked, and posting is an explicit command, but the documentation references a different script path than the packaged file, which can confuse execution.
Install Mechanism
No hidden installer or persistence mechanism was found; declared runtime dependencies are gh and python3, with optional linters.
Credentials
The skill processes untrusted PR metadata and embeds PR-derived filenames into Python source passed to `python3 -c`. Nothing about review automation requires that; the names could be passed as arguments or on stdin, and building source from them creates a local code-execution risk for the reviewer.
Persistence & Privilege
It writes local state and markdown reports to documented, environment-configurable paths and can post to GitHub using the user's `gh` credentials when the user runs `post`. This is disclosed, but the token `gh` uses should be scoped to the minimum needed: read access to the repository, plus write access to pull-request comments only if posting is actually used.
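As an added example (not code from the pr-reviewer skill or its author), the POSIX shell script below puts the unsafe pattern the analysis describes next to a hardened form: PR filenames are handed to the linter and to `python3 -c` as separate arguments instead of being spliced into a command string or into Python source, and report paths are checked for workspace containment before anything is written. The sample filename list is constructed for the demonstration, and `is_safe_relpath`, `build_lint_cmd_unsafe`, `fake_lint`, `lint_py_safe`, `py_list_safe` and `report_dir_or_fail` are hypothetical names, not functions in the skill.

```shell
#!/bin/sh
# Added example, not code from the pr-reviewer skill. It shows the two
# handling mistakes the analysis describes (PR filenames spliced into a
# command line / Python source, and unchecked report paths) next to a
# hardened form. Function names are hypothetical stand-ins for the
# script's run_local_lint and report logic.

# Constructed sample of `gh pr diff --name-only` output. Line 2 carries
# shell metacharacters, line 3 a single quote that would terminate a
# quoted Python string literal, line 5 escapes the workspace.
SAMPLE_FILES='src/app.py
evil; touch pwned.py; #.py
odd'"'"'name.py
cmd/main.go
../../../etc/cron.d/x.py'

# Lexical containment check shared by lint targets and report/state
# paths: must be relative and must not contain a ".." component.
is_safe_relpath() {
    case "$1" in
        ''|/*|..|../*|*/..|*/../*) return 1 ;;
    esac
    return 0
}

# UNSAFE (built and returned as a string, never executed here): joining
# names into one command line means that once the string is re-parsed
# by a shell, "evil; touch pwned.py; #.py" runs as three commands.
build_lint_cmd_unsafe() {
    printf 'ruff check %s\n' "$(printf '%s\n' "$SAMPLE_FILES" | grep '\.py$' | tr '\n' ' ')"
}

# Stand-in for ruff/golangci-lint: prints its argument count, then each
# argument on its own line, so the caller can see exactly what arrived.
fake_lint() {
    [ "${1:-}" = "--" ] && shift
    printf '%s\n' "$#" "$@"
}

# SAFE: one name per line, filtered, then handed over as separate
# positional parameters. No eval, no sh -c, and "--" stops a name that
# starts with "-" from being read as an option.
lint_py_safe() {
    set --
    while IFS= read -r f; do
        case "$f" in *.py) ;; *) continue ;; esac
        is_safe_relpath "$f" || { printf 'skipping unsafe path: %s\n' "$f" >&2; continue; }
        set -- "$@" "$f"
    done <<EOF
$SAMPLE_FILES
EOF
    fake_lint -- "$@"
}

# SAFE Python handoff: names travel through argv (stdin or JSON would do
# equally), so the quote in odd'name.py is data, not source. Emits JSON.
py_list_safe() {
    python3 -c 'import json, sys; print(json.dumps(sys.argv[1:]))' "$@"
}

# Report and state paths from PR_REVIEW_OUTDIR / PR_REVIEW_STATE get the
# same check, so /etc/passwd or ../../x are refused before any write.
report_dir_or_fail() {
    is_safe_relpath "$1" || {
        printf 'refusing report path outside the workspace: %s\n' "$1" >&2
        return 1
    }
    printf '%s\n' "$1"
}

# Demo run: the spliced command line, then what the linter really gets.
build_lint_cmd_unsafe
lint_py_safe
report_dir_or_fail reports/pr-42
```

Run it as `sh example.sh`: the first line of output is the spliced command line with the injected `touch`, the next block shows that the hardened path delivers three intact arguments to the linter (the hostile name arrives as a single harmless argument, and the `../` name is skipped with a warning on stderr), and the last line is the accepted report directory. In the real script the same `set -- "$@" "$f"` accumulation, or `xargs -0` fed by NUL-delimited names, replaces any string-building, and `report_dir_or_fail` would guard both `PR_REVIEW_STATE` and `PR_REVIEW_OUTDIR` before the first write.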
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install pr-reviewer
  3. After installation, invoke the skill by name or use /pr-reviewer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Fix security scan flags: declare runtime dependencies, document env vars and write paths
v1.0.0
Initial release — automated GitHub PR code review with diff analysis for Go, Python, and JS/TS. Security scanning, error handling checks, test coverage gaps, local lint integration, and structured markdown reports.
Metadata
Slug: pr-reviewer
Version: 1.0.1
License: (none listed)
All-time Installs: 279
Active Installs: 55
Total Versions: 2
Frequently Asked Questions

What is pr-reviewer?

Automated GitHub PR code review with diff analysis, lint integration, and structured reports. Use when reviewing pull requests, checking for security issues,... It is an AI Agent Skill for Claude Code / OpenClaw, with 7413 downloads so far.

How do I install pr-reviewer?

Run "/install pr-reviewer" in the OpenClaw or Claude Code chat to install it in one step. At runtime the skill needs the `gh` CLI and `python3` on the host; `ruff` and `golangci-lint` are optional and only used for local linting.

Is pr-reviewer free?

Yes, pr-reviewer is free to download, install and use. Note that the listing's License field is empty, so check the GitHub repository for the actual license terms before redistributing or modifying it.

Which platforms does pr-reviewer support?

pr-reviewer is cross-platform and runs anywhere OpenClaw / Claude Code is available, provided the `gh` CLI and `python3` are installed on that host.

Who created pr-reviewer?

It is built and maintained by Brian Colinger (@briancolinger); the current version is v1.0.1.
