PR Reviewer

by Lnguyen1996 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
157 Downloads · 0 Stars · 1 Active Installs · 1 Versions
Install in OpenClaw
/install pull-request-reviewer
Description
Reviews pull requests by detecting logic bugs, security risks, test gaps, API changes, and style issues, providing a structured report prioritizing block mer...
README (SKILL.md)

pr-reviewer

Description

Review pull requests and code diffs across any language. Finds logic bugs, missing tests, security holes, breaking API changes, and naming problems before they merge. Returns a structured report: block-merge issues first, then warnings, then style suggestions.

Use when

  • "review my PR"
  • "check this diff"
  • "is this PR mergeable"
  • "what's wrong with this change"
  • "code review"
  • Any git diff, patch file, or PR description paste

Supported languages

Any language with a git diff. Specialised checklist for: Python, JavaScript/TypeScript, C#, Go, Rust, Java/Kotlin, SQL migrations.

Input

Paste one of:

  • A git diff (git diff main...feature-branch)
  • A GitHub/GitLab PR URL (if accessible)
  • Raw code with a description of what it changes

Optionally specify: target branch, framework, whether this is a library (breaking changes matter more) or an app.

Output format

## PR Review

### Block Merge
- [Finding] — [why this must be fixed before merging]
  ✗ Problem: [problematic code]
  ✓ Fix:     [corrected code]

### Warnings (fix before next release)
- [Finding] — [explanation]

### Suggestions (style / future-proofing)
- [Finding] — [explanation]

### Approved
- [Specific patterns done right — always include at least one]

### Summary
[2–3 sentences: biggest risk, top fix, overall verdict (merge / fix first / needs major work)]

Review checklist

Logic & correctness

  • Off-by-one errors in loops or slices
  • Null/nil dereference without guard
  • Incorrect error handling (swallowed, wrong type checked)
  • Wrong variable captured in closure/lambda
  • Race condition introduced (shared mutable state, no lock)
  • Missing edge case (empty input, zero value, max value)

Security

  • User input used without sanitisation (SQL, shell, HTML)
  • Secret or credential added to source (API key, password, token)
  • Insecure deserialization
  • Overly permissive CORS / auth bypass
  • Path traversal risk

Tests

  • New behaviour with zero test coverage
  • Test that only tests the happy path (no error case)
  • Mock that makes the test vacuously pass
  • Missing assertion (test calls but never asserts)

API / interface

  • Public method signature changed without deprecation
  • Required parameter added to existing public function
  • Return type narrowed or widened unexpectedly
  • Serialised field renamed (breaks existing clients)

Performance

  • N+1 query introduced
  • Unbounded loop over user-supplied collection
  • Synchronous I/O in async context
  • Large allocation in hot path

Style

  • Inconsistent naming with surrounding code
  • Dead code left in (commented-out blocks, unused variables)
  • TODO left without ticket reference
  • Misleading variable/function name

Severity definitions

  • Block Merge: Correctness bug, security hole, data loss risk, or breaking API change — must be fixed
  • Warning: Performance issue, missing test coverage, or hard-to-debug behavior — fix before release
  • Suggestion: Style, clarity, or maintainability improvement — up to the author

Self-improvement instructions

After each review, note the most common finding category (logic, security, tests, API, performance, style). After 20 reviews, surface the top 3 patterns as "Most common PR issues in [language]" to help users learn, not just fix.

Usage Guidance
This skill is coherent and instruction-only — it does what it says: reviews diffs and PRs. Before using: do not paste private tokens, passwords, or other secrets into the diff or code you submit; expect that GitHub/GitLab URLs for private repos will not be reviewed unless the agent/environment already has network access and appropriate credentials; and note the self-improvement feature implies counting reviews across runs but no storage is provided — if you need persistent metrics, provide a secure storage mechanism or avoid relying on that feature.
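An added example, not part of the skill or of this listing: a pre-submission filter that masks credential-shaped strings in a diff before it is pasted into the reviewer, following the guidance above. The three patterns and the sample diff are constructed for illustration and do not amount to a complete secret scanner.

```python
import re

# Illustrative patterns only (assumption: extend with your providers' token formats).
PATTERNS = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    # Generic `name = "value"` assignment; skips values already masked by a rule above.
    ("assigned-secret", re.compile(
        r"(?i)(?:password|passwd|secret|token|api[_-]?key)\w*\s*[:=]\s*"
        r"[\"']((?!<REDACTED)[^\"']{8,})[\"']")),
]

def _mask(rule, m):
    """Replace the captured value if the rule has a group, else the whole match."""
    tag = f"<REDACTED:{rule}>"
    if not m.lastindex:
        return tag
    start, end = m.start(1) - m.start(), m.end(1) - m.start()
    return m.group(0)[:start] + tag + m.group(0)[end:]

def redact_diff(diff_text):
    """Mask secrets on every line of a diff; return (redacted_text, findings)."""
    # Removed ('-') and context (' ') lines are scanned too: a secret that the
    # change deletes is still disclosed when the diff is pasted.
    out, findings, path = [], [], None
    for n, line in enumerate(diff_text.splitlines(), 1):
        if line.startswith("+++ "):
            path = line[4:]  # file the following hunks belong to
        for rule, rx in PATTERNS:
            line, hits = rx.subn(lambda m, r=rule: _mask(r, m), line)
            if hits:
                findings.append((path, n, rule))
        out.append(line)
    return "\n".join(out), findings

# Constructed sample; the key is AWS's documented example value.
SAMPLE_DIFF = """\
diff --git a/app/settings.py b/app/settings.py
--- a/app/settings.py
+++ b/app/settings.py
@@ -1,3 +1,4 @@
 DEBUG = False
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_KEY = os.environ["AWS_KEY"]
+db_password = "correct-horse-battery"
"""

if __name__ == "__main__":
    print(*redact_diff(SAMPLE_DIFF), sep="\n")
```

A non-empty findings list also means the credential is already in version-control history and should be rotated, not only masked.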
Capability Analysis
Type: OpenClaw Skill
Name: pull-request-reviewer
Version: 1.0.0
The pull-request-reviewer skill is a standard code analysis tool designed to review git diffs and provide structured feedback on logic, security, and style. The instructions in SKILL.md are well-defined, focusing on identifying common vulnerabilities (like SQL injection and hardcoded secrets) and providing helpful suggestions without any evidence of malicious intent, data exfiltration, or prompt-injection attacks.
Capability Assessment
Purpose & Capability
Name, description, and required inputs (git diffs, PR URLs, raw code) align with a code-review skill. It does not request unrelated binaries, credentials, or config paths.
Instruction Scope
SKILL.md stays within the review scope (logic, security, tests, API, perf, style). Two minor notes: (1) it accepts GitHub/GitLab PR URLs 'if accessible' — the document doesn't request credentials, so private PRs won't be reachable unless the agent/environment already has network access and auth; (2) the 'self-improvement' step implies tracking counts across reviews but gives no storage mechanism (see persistence).
Install Mechanism
No install spec and no code files — instruction-only skill, so nothing is written to disk or downloaded during install.
Credentials
The skill requires no environment variables or credentials. Users should avoid pasting secrets or private tokens in diffs/code they submit, since the skill explicitly flags 'secret or credential added to source'.
Persistence & Privilege
always:false and no explicit persistence are appropriate. The 'after 20 reviews, surface top 3 patterns' instruction implies maintaining state across sessions; the SKILL.md does not specify where/how to store that state, so either the agent will not persist it or it may try to use external storage if available. This is a capability gap to be aware of but not inherently malicious.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install pull-request-reviewer
  3. After installation, invoke the skill by name or use /pull-request-reviewer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of pull-request-reviewer skill.
- Reviews pull requests and code diffs for logic bugs, missing tests, security holes, breaking API changes, and naming issues across any language.
- Provides structured reports with prioritized sections: block-merge issues, warnings, suggestions, approvals, and summary.
- Specialized review checklists for major languages (e.g., Python, JavaScript/TypeScript, C#, Go, Rust, Java/Kotlin, SQL migrations).
- Designed to help users identify and fix the most critical problems before merging.
- Tracks and surfaces common review issue patterns to aid learning over time.
Metadata
Slug pull-request-reviewer
Version 1.0.0
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is PR Reviewer?

Reviews pull requests by detecting logic bugs, security risks, test gaps, API changes, and style issues, providing a structured report prioritizing block mer... It is an AI Agent Skill for Claude Code / OpenClaw, with 157 downloads so far.

How do I install PR Reviewer?

Run "/install pull-request-reviewer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is PR Reviewer free?

Yes, PR Reviewer is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does PR Reviewer support?

PR Reviewer is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created PR Reviewer?

It is built and maintained by Lnguyen1996 (@lnguyen1996); the current version is v1.0.0.
