alirezarezvani

pr-review-expert

by Alireza Rezvani · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
357 Downloads · 0 Stars · 3 Active Installs · 2 Versions
Install in OpenClaw
/install pr-review-expert
Description
PR Review Expert
Usage Guidance
This skill is an instruction-only PR reviewer that uses local CLIs and runs tests. Before installing or running it:
  1. Verify the agent environment has the expected tools (gh, glab, jq, grep, node/python runtimes) and understand that the skill did not declare them.
  2. Never run repository tests on a host with sensitive data; run them in an isolated sandbox or CI runner, because tests can execute arbitrary code and make network calls.
  3. Ensure any GitHub/GitLab tokens the CLIs use are limited-scope and rotated.
  4. Review the grep patterns and coverage rules to avoid false positives and accidental secret scanning/exfiltration.
  5. If you prefer lower risk, require the skill to operate on a provided diff file (read-only) rather than executing tests, or use a CI job to produce coverage artifacts which the skill can analyze.
Capability Analysis
Type: OpenClaw Skill
Name: pr-review-expert
Version: 1.0.0
The skill provides a comprehensive framework for PR reviews but includes high-risk instructions such as executing local tests (`npm test`, `pytest`) on untrusted code and utilizing sensitive API tokens (`JIRA_API_TOKEN`, `LINEAR_API_KEY`) via shell commands in SKILL.md. While these capabilities are aligned with the stated purpose, the inherent risk of Remote Code Execution (RCE) from malicious pull requests and the handling of secrets in a shell environment warrant a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description align with the instructions: fetching PR diffs, scanning them, and producing review findings is expected. However, the SKILL.md assumes presence of gh, glab, jq, grep, npm, pytest, and test harnesses, but the registry metadata lists no required binaries or environment variables. This mismatch (implicit dependency on CLIs and auth) is notable.
Instruction Scope
Instructions perform local fetches of diffs, grep-based static checks, and explicitly run test commands (npm test, pytest) and coverage tools. Running repo tests can execute arbitrary repository code and trigger network/side effects; while relevant to thorough PR review, it increases risk and should be done only in a sandbox or CI environment. The instructions also read and write /tmp diffs and scan for secrets — those actions are in-scope but sensitive.
Install Mechanism
There is no install spec (instruction-only), which minimizes supply-chain risk. The trade-off is that the instructions depend on the agent environment having the necessary CLIs and language runtimes available.
Credentials
No environment variables or credentials are declared, which is good for limiting access. However, the SKILL.md implicitly expects authenticated gh/glab CLIs (which typically use stored tokens or config files). The skill does not request or document these credentials, so you must ensure appropriate, least-privilege tokens are available if the agent will call those CLIs.
Persistence & Privilege
The skill does not request persistent presence (always is false) and does not attempt to modify other skills or system-wide settings. It appears to be invoked only when called.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install pr-review-expert
  3. After installation, invoke the skill by name or use /pr-review-expert
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial publish
v2.1.1
v2.1.1: optimization, reference splits
Metadata
Slug pr-review-expert
Version 1.0.0
License MIT-0
All-time Installs 3
Active Installs 3
Total Versions 2
Frequently Asked Questions

What is pr-review-expert?

PR Review Expert. It is an AI Agent Skill for Claude Code / OpenClaw, with 357 downloads so far.

How do I install pr-review-expert?

Run "/install pr-review-expert" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is pr-review-expert free?

Yes, pr-review-expert is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does pr-review-expert support?

pr-review-expert is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created pr-review-expert?

It is built and maintained by Alireza Rezvani (@alirezarezvani); the current version is v1.0.0.
