
PR Code Reviewer

by nesquitmx · GitHub ↗ · v1.0.1
cross-platform ✓ Security Clean
Downloads: 1179 · Stars: 0 · Active Installs: 4 · Versions: 2
Install in OpenClaw
/install pr-code-reviewer
Description
Automatically reviews PRs in Bitbucket with error, security and style analysis for JS, TS, Node.js, PHP and Python, generating detailed comments and ver...
README (SKILL.md)

name: pr-code-reviewer
description: > Automatically reviews Pull Requests in Bitbucket, detecting syntax errors, bad practices, security vulnerabilities and violations of the team's code standards. Generates detailed comments with suggested fixes. Supports JavaScript, TypeScript, Node.js, PHP and Python.
version: 1.0.0
tags:

  • code-review
  • pull-request
  • quality
  • bitbucket
  • linting
  • nodejs
  • php

PR Code Reviewer

Role

You are a demanding but constructive Senior Code Reviewer. Your job is to review every line of code in a Pull Request and catch problems BEFORE they reach develop or master.

General Behavior

When you receive a diff or code from a PR:

  1. Read the ENTIRE diff before issuing any comment
  2. Understand the context: what the PR is trying to do, not just line by line
  3. Detect the language of each file and apply the corresponding rules
  4. Classify each finding by severity:
    • 🔴 BLOCKER — Cannot be merged. Errors, vulnerabilities, clear bugs
    • 🟡 WARNING — Should be fixed. Bad practices, code smells
    • 🔵 SUGGESTION — Optional improvement. Style, readability, optimization
    • 💡 NIT — Minor detail. Conventions, formatting
  5. Always suggest the fix, don't just point out the problem
  6. Group comments by file
  7. Give a final verdict: ✅ APPROVE, ⚠️ APPROVE WITH CHANGES, ❌ REJECT

Language Detection

Apply the language rules according to the file extension:

  • .js, .mjs, .cjs → references/javascript-typescript.md + references/nodejs.md
  • .ts, .tsx → references/javascript-typescript.md + references/nodejs.md
  • .jsx → references/javascript-typescript.md + references/nodejs.md
  • .php → references/php.md
  • .py → references/python.md
  • .css, .scss, .html → references/css-html.md
  • All files → references/general.md + references/security.md + references/team-conventions.md

Response Format

Always respond with this exact format:

📋 PR Review Summary

Verdict: [✅ | ⚠️ | ❌] [APPROVE | APPROVE WITH CHANGES | REJECT]
Files reviewed: X
Findings: X 🔴 | X 🟡 | X 🔵 | X 💡


📁 path/to/file.ext

Line X-Y: [🔴|🟡|🔵|💡] [Category]: Description of the problem

❌ Current code: (show the problematic code)

✅ Suggested fix: (show the corrected code)

Why? Brief explanation of why it is a problem.


🏁 Final Summary

  • The good: ...
  • What must be fixed before the merge: ...
  • Suggestions for the future: ...

Rules

Import and apply ALL the rules from:

  • references/general.md (always)
  • references/security.md (always)
  • references/team-conventions.md (always)
  • references/javascript-typescript.md (depending on extension)
  • references/nodejs.md (depending on extension)
  • references/php.md (depending on extension)
  • references/python.md (depending on extension)
  • references/css-html.md (depending on extension)
Usage Guidance
This skill is an instruction-only code-review template and is internally consistent with its purpose. Before installing or enabling it, consider:
  • Integration: The skill does not itself call Bitbucket APIs or ask for Bitbucket credentials — you must supply diffs or wire it into your CI/hook. Confirm how your agent will provide PR contents (e.g., a workflow step that passes the diff) and that no repository secrets are accidentally forwarded to third-party services.
  • Data exposure: The reviewer will analyze any code you feed it. Avoid putting production credentials or sensitive data into PR diffs. Treat the agent and any LLM backend you use as a code consumer with access to those diffs.
  • Pipeline security: If you implement a GitHub/GitLab/Bitbucket action or CI job to feed PRs to this skill, review that workflow to ensure tokens, logs, or artifacts are not sent to untrusted endpoints. The skill itself doesn’t transmit data, but your integration could.
  • Customization: The included rules are extensive and opinionated. Review and adapt references/team-conventions.md to match your team's policies so the reviewer enforces the right standards.
Overall risk is low given there is no install or secret access; proceed if you understand and control how PR diffs are provided to the agent and you protect sensitive data in those diffs.
Capability Analysis
Type: OpenClaw Skill
Name: pr-code-reviewer
Version: 1.0.1
The OpenClaw AgentSkills skill bundle is designed for an AI agent to perform code reviews, focusing on syntax, best practices, and security vulnerabilities. The `SKILL.md` instructions explicitly direct the agent to 'Importar y aplicar TODAS las reglas de: references/general.md (siempre), references/security.md (siempre), references/team-conventions.md (siempre)', which is a positive security control. While the `references/*.md` files contain numerous examples of vulnerabilities (e.g., SQL injection, XSS, command injection, hardcoded secrets) in their '❌ Mal' sections, these are presented as bad code patterns for the AI to *detect and flag*, not as instructions for the AI to execute or exploit. The overall intent is to improve code quality and security through static analysis, with no evidence of malicious behavior, data exfiltration, or unauthorized command execution by the agent.
Capability Assessment
Purpose & Capability
The skill's name and SKILL.md describe an automated PR reviewer for Bitbucket and multiple languages, and the repository contains extensive language-specific rules and templates that match that purpose. One small mismatch: the SKILL/README mention automatic review in Bitbucket but the skill contains no integration code or required Bitbucket credentials — it is designed to be used by feeding diffs or via a pipeline/hook rather than calling Bitbucket APIs directly. This is explainable (instruction-only design) but worth noting.
Instruction Scope
SKILL.md explicitly instructs the agent to read the full PR diff, detect file languages, apply the included rulesets, generate grouped inline comments and a review summary. All referenced files are local rule/templates and the instructions do not request unrelated system files, environment variables, external endpoints, or privileged actions.
Install Mechanism
No install spec and no code to execute are included (instruction-only). That is the lowest-risk install model — nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The rules reference common code-review checks (security, linters, conventions) and do not require secrets. The lack of requested credentials is consistent with an instruction-only reviewer that operates on diffs provided by the integrator.
Persistence & Privilege
The skill does not request always:true and is not asking to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but there are no additional persistence or privilege requests in the skill contents.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install pr-code-reviewer
  3. After installation, invoke the skill by name or use /pr-code-reviewer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
  • Fixes rule paths from "rules/*.md" to "references/*.md" in the Language Detection and Rules sections.
  • No changes to functionality or review format; only updates to the reference file paths.
v1.0.0
Initial release – introduces an automated code reviewer for Bitbucket PRs.
  • Reviews PRs for syntax errors, bad practices, security vulnerabilities, and coding standard violations.
  • Generates detailed, categorized comments with correction suggestions.
  • Supports JavaScript, TypeScript, Node.js, PHP, and Python files.
  • Provides a clear review summary and mandatory verdict (Approve, Approve with Changes, or Reject).
  • Organizes findings by file and severity for efficient team feedback.
Metadata
Slug pr-code-reviewer
Version 1.0.1
License
All-time Installs 4
Active Installs 4
Total Versions 2
Frequently Asked Questions

What is PR Code Reviewer?

Automatically reviews PRs in Bitbucket with error, security and style analysis for JS, TS, Node.js, PHP and Python, generating detailed comments and ver... It is an AI Agent Skill for Claude Code / OpenClaw, with 1179 downloads so far.

How do I install PR Code Reviewer?

Run "/install pr-code-reviewer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is PR Code Reviewer free?

Yes, PR Code Reviewer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does PR Code Reviewer support?

PR Code Reviewer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created PR Code Reviewer?

It is built and maintained by nesquitmx (@nesquitmx); the current version is v1.0.1.
