ggettert

Structured PR Review

by Grace Gettert · v0.1.0 · MIT-0
cross-platform ✓ Security Clean
Downloads: 69 · Stars: 2 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install structured-pr-review
Description
Structured PR code review with layered analysis and severity tiers. Two modes: (1) Giving reviews — walk through security, correctness, conventions, IaC, and...
README (SKILL.md)

Structured PR Review

Two modes: giving reviews and addressing review comments. No external dependencies — uses gh CLI only.

Giving Reviews

When asked to review or check a PR:

  1. Fetch the PR details and full diff
  2. Walk through each review layer in order (see references/review-layers.md):
    • Security — secrets, injection, auth, exposure
    • Correctness — logic errors, edge cases, error handling
    • Conventions — team standards (customize via references/conventions.md)
    • IaC — Terraform/CloudFormation checks (customize via references/iac-checklist.md)
    • Testing — coverage, new code has tests
  3. Produce a structured verdict with severity tiers

Key principles:

  • Be direct — "this approach has problems" beats "interesting choice"
  • Every issue includes what to fix, not just what's wrong
  • Acknowledge what the PR does well
  • When in doubt on severity, go one level lower

See references/review-layers.md for the full framework and verdict format.

Addressing Review Comments

When asked to address, fix, or respond to PR feedback:

  1. Fetch all review comments (inline + review-level)
  2. Fix each issue or document why not
  3. Reply to every comment — none left unacknowledged
  4. Resolve threads, update PR description, push

See references/addressing-workflow.md for the step-by-step workflow.

Key rules:

  • Never leave comments unacknowledged — reply to every one
  • Always update the PR description after making changes
  • Verify the PR is actually merged before closing linked issues

Customization

This skill ships with generic review layers. Customize for your team:

  • references/conventions.md — coding conventions, commit format, naming rules. Ships with common defaults — customize for your team.
  • references/iac-checklist.md — add your IaC-specific checks (required tags, allowed regions, provider pins). Ships with common Terraform patterns — extend for your org.

References

Works Well With

  • terraform-skill (antonbabenko) — Terraform authoring best practices, module patterns, testing strategies
  • conventional-commits — commit message format conventions (useful when addressing reviews)
  • github (built-in) — general gh CLI operations for PRs, issues, and CI runs
  • gh-issues (built-in) — automated PR monitoring and review spawning
Usage Guidance
This skill is coherent for reviewing and addressing PRs, but it will make changes: it clones repos, edits files, commits, pushes, posts replies, and resolves threads using the gh CLI. Before installing/using:

  1. Ensure the environment running the agent has gh and git installed and a GitHub login configured.
  2. Verify the GitHub token/credentials used by gh have the minimum scopes needed (repo access only as required) and are not organization-wide admin tokens.
  3. Prefer using review-only (giving reviews) unless you explicitly want the agent to push fixes — test addressing-mode on a fork or test repo first.
  4. If you plan to allow autonomous invocation, require an approval step before any push/merge/resolve actions.
  5. Audit commits/pushes created by the agent and rotate tokens if unexpected changes occur.
Capability Analysis
Type: OpenClaw Skill
Name: structured-pr-review
Version: 0.1.0

The skill provides a structured framework for conducting and addressing GitHub Pull Request reviews using the `gh` CLI. It includes comprehensive checklists for security, correctness, and Infrastructure as Code (IaC) across files like `references/review-layers.md` and `references/iac-checklist.md`. The operations (fetching diffs, posting comments, and pushing commits) are transparently documented and align strictly with the stated purpose of PR management without any signs of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
The name/description (structured PR review, two modes) matches the instructions and reference files. All declared capabilities (fetch PR, walk review layers, reply/resolve, push fixes) are relevant to the stated purpose; there are no unrelated requirements (no unexpected cloud keys, weird binaries, or network endpoints).
Instruction Scope
The SKILL.md and references explicitly instruct the agent to clone repositories, checkout PR branches, modify files, commit, push, post replies, and resolve review threads via gh API/GraphQL. That is within the 'addressing reviews' mode, but it grants the skill permission to make and push changes to repositories and to mark threads resolved. Users should be aware that addressing mode is not read-only: it performs write operations on the target repo.
Install Mechanism
Instruction-only skill with no install spec and no bundled code. This minimizes disk-installed risk; it relies on the system-provided gh CLI and git being available.
Credentials
No environment variables are declared, but the skill implicitly requires a configured gh/git environment (authenticated gh session or git credentials) with sufficient scopes to read/clone, comment, resolve threads, and push branches. The skill does not request unrelated credentials, but users must ensure the agent's GitHub credential/token has appropriate (least-privilege) scopes before use.
Persistence & Privilege
always:false (good). The skill can perform autonomous actions (disable-model-invocation:false is normal), and those actions include pushing commits and resolving threads. If the agent is allowed to invoke skills autonomously, this write capability increases blast radius — consider requiring user confirmation before making push/resolve operations or restricting the skill to review-only for less risk.
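One way to implement the approval step recommended above (item 4 of the Usage Guidance and the confirmation suggested under Persistence & Privilege) is a default-deny wrapper around the agent's gh and git calls. This is an added example, not part of the skill; the function names classify, classify_api and gate, the APPROVED variable, the exit code 77 and the read-only allowlists are assumptions.

```shell
#!/usr/bin/env bash
# Added example: default-deny approval gate for an agent's gh/git calls.
# The read-only allowlists are assumptions; anything not listed is a write.

classify_api() {   # args after "gh api"; gh sends GET unless fields are added
  local method="" body=0 force=0 a
  while [ $# -gt 0 ]; do
    a="$1"; shift
    case "$a" in
      -X|--method) method="${1:-}"; if [ $# -gt 0 ]; then shift; fi ;;
      --method=*)  method="${a#--method=}" ;;
      -X?*)        method="${a#-X}" ;;
      --input|--input=*|graphql) force=1 ;;  # request body / possible mutation
      -f*|-F*|--field*|--raw-field*) body=1 ;;
    esac
  done
  if [ "$force" = 1 ]; then echo write; return; fi
  case "$method" in
    "") if [ "$body" = 1 ]; then echo write; else echo read; fi ;;
    [Gg][Ee][Tt]) echo read ;;   # with GET, fields become query parameters
    *) echo write ;;
  esac
}

classify() {       # prints "read" or "write" for a full command line
  local a
  case "$1 ${2:-} ${3:-}" in
    "gh pr view"|"gh pr diff"|"gh pr list"|"gh pr status"|"gh pr checks")
      echo read ;;
    "gh api "*) shift 2; classify_api "$@" ;;
    "git status "*|"git log "*|"git show "*|"git diff "*)
      for a in "$@"; do   # --output makes git write a file
        case "$a" in --output*) echo write; return ;; esac
      done
      echo read ;;
    *) echo write ;;     # push, commit, merge, pr review/comment, unknown tools
  esac
}

# gate CMD...: run reads directly; run writes only when a human has set
# APPROVED=1 for this invocation. Returns 77 when a write is blocked.
gate() {
  if [ "$(classify "$@")" = write ] && [ "${APPROVED:-0}" != 1 ]; then
    echo "blocked (needs approval): $*" >&2
    return 77
  fi
  "$@"
}
```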
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install structured-pr-review
  3. After installation, invoke the skill by name or use /structured-pr-review
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release — 5-layer review framework, severity tiers, addressing workflow, customizable conventions and IaC checklist
Metadata
Slug: structured-pr-review
Version: 0.1.0
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is Structured PR Review?

Structured PR code review with layered analysis and severity tiers. Two modes: (1) Giving reviews — walk through security, correctness, conventions, IaC, and... It is an AI Agent Skill for Claude Code / OpenClaw, with 69 downloads so far.

How do I install Structured PR Review?

Run "/install structured-pr-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Structured PR Review free?

Yes, Structured PR Review is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Structured PR Review support?

Structured PR Review is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Structured PR Review?

It is built and maintained by Grace Gettert (@ggettert); the current version is v0.1.0.
