← 返回 Skills 市场
ai-pr-doctor
作者
zlszhonglongshen
· GitHub ↗
· v1.0.0
· MIT-0
59
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install ai-pr-doctor
功能描述
AI PR 医生 - 自动诊断 GitHub PR 问题、修复 Bug、生成修复报告的端到端工作流。触发词:PR 诊疗、代码审查、修复 PR、PR 医生、自动合并。
使用说明 (SKILL.md)
AI PR 医生 (ai-pr-doctor)
GitHub PR → AI 代码审查 → 自动修复 → 合并 → 修复报告 → 飞书通知
🎯 解决痛点
- ❌ 团队 PR 堆积,没人及时 review
- ❌ 代码审查耗时,漏掉潜在 bug
- ❌ 简单修复(格式、测试)手动操作太繁琐
- ❌ 合并后没有记录,不知道修了什么
💡 解决方案
GitHub PR 链接/编号
↓
┌──────────────────┐
│ github │ → gh pr view 获取 PR 信息 + 代码diff
└────────┬─────────┘
↓
┌──────────────────┐
│ code-review-skill│ → 5维度 AI 并行审查:CLAUDE.md合规、Bug审计、
└────────┬─────────┘ Git历史分析、过往PR评论、代码注释合规
↓
┌──────────────────┐
│ auto-pr-merger │ → 尝试自动修复 + 重跑测试 + 自动合并
└────────┬─────────┘
↓
┌──────────────────┐
│ feishu_doc │ → 生成修复报告并发布至飞书文档
└──────────────────┘
📦 包含 Skills
| Skill | 作用 | 调用顺序 |
|---|---|---|
| github | 获取 PR 信息、代码diff、合并操作 | 1 |
| code-review-skill | 5维度 AI 并行代码审查 | 2 |
| auto-pr-merger | 自动修复 + 测试 + 合并 | 3 |
| feishu_doc | 生成诊疗报告并发布飞书 | 4 |
🔧 前置要求
- gh CLI 已安装并认证 (
gh auth status) - GitHub 仓库 可写(用于 auto-pr-merger push 修复)
- 飞书机器人 已配置 feishu_doc 权限
📝 使用方法
触发命令
/ai-pr-doctor \x3CPR_URL或编号>
诊断这个 PR
代码审查这个 PR
帮我看看这个 PR
完整命令
# 方式 1:通过 OpenClaw
openclaw run ai-pr-doctor --pr https://github.com/owner/repo/pull/123
# 方式 2:通过 cron 定时检查未合并的 PR
openclaw cron add \
--name "PR 待审查提醒" \
--schedule "0 10 * * 1-5" \
--skill ai-pr-doctor \
--params '{"mode":"check-pending","repo":"owner/repo"}'
🔄 工作流详情
Step 1: 获取 PR 信息
步骤: 1
技能: github
输入:
action: pr view
repo: ${repo_from_input}
pr_number: ${pr_number}
output: json
输出:
pr_title: ${title}
pr_body: ${body}
pr_state: ${state}
changed_files: ${files}
diff_url: ${diff_url}
author: ${user.login}
Step 2: AI 代码审查
步骤: 2
技能: code-review-skill
输入:
pr_url: ${pr_url}
review_dimensions:
- CLAUDE.md 合规性审查
- 浅层 Bug 扫描
- Git 历史上下文分析
- 过往 PR 评论对照
- 代码注释合规检查
output_format: structured_json
输出:
issues: ${issue_list}
severity_scores: ${scores}
review_summary: ${summary}
Step 3: 自动修复与合并
步骤: 3
技能: auto-pr-merger
输入:
pr: ${pr_url}
test: "npm test" # 可自定义测试命令
retries: 2
auto_merge_if_passed: true
输出:
fixed_files: ${files_modified}
test_results: ${test_output}
merge_result: ${merge_state}
Step 4: 生成修复报告
步骤: 4
技能: feishu_doc
输入:
action: create
title: "🔬 PR 诊疗报告 #${pr_number} | ${pr_title}"
content: ${report_markdown}
输出:
doc_url: ${docUrl}
doc_id: ${docId}
📊 输出示例:PR 诊疗报告
# 🔬 PR 诊疗报告 #123 | feat: 新增用户认证功能
**仓库**: owner/repo | **PR 链接**: https://github.com/owner/repo/pull/123
**作者**: @zhangsan | **审查时间**: 2026-04-25
---
## 📋 PR 概览
| 字段 | 值 |
|------|-----|
| 状态 | ✅ 已合并 |
| 文件变更 | +127 / -43 |
| 审查轮次 | 1 |
| 自动修复 | 2 处 |
---
## 🩺 AI 审查结果
### 🔴 严重问题 (2)
| # | 文件 | 行号 | 问题描述 |
|---|------|------|---------|
| 1 | src/auth/login.ts | L45 | SQL 注入风险:未使用参数化查询 |
| 2 | src/middleware/logger.ts | L12 | 敏感信息日志外泄 |
### 🟡 中等问题 (3)
| # | 文件 | 问题描述 |
|---|------|---------|
| 1 | src/auth/token.ts | Token 过期时间过长(30天,建议7天)|
| 2 | tests/login.test.ts | 测试覆盖率仅 45%,建议提升至 80% |
### 🟢 低优先级 (1)
| # | 问题 |
|---|------|
| 1 | 缺少 JSDoc 注释 |
---
## 🔧 自动修复记录
| 文件 | 修复内容 | 状态 |
|------|---------|------|
| src/utils/format.ts | Prettier 格式化 | ✅ |
| tests/login.test.ts | Jest 配置修复 | ✅ |
| src/auth/token.ts | Token 过期时间调整 | ⏭️ 跳过(需人工确认)|
---
## ✅ 合并结果
- **自动合并**: 成功
- **CI 状态**: 通过 🟢
- **审查通过**: 2/2 检查项
- **合并时间**: 2026-04-25 20:15 UTC
---
*由 AI PR Doctor 自动生成*
⚙️ 自定义配置
修改测试命令
编辑 workflow.json 中的 auto-pr-merger 配置:
{
"steps": [
{
"id": "step3_merge",
"skill": "auto-pr-merger",
"input": {
"test": "pytest tests/ -v",
"retries": 3
}
}
]
}
修改审查维度
{
"code_review": {
"dimensions": [
"security",
"performance",
"maintainability",
"test_coverage"
],
"severity_threshold": 50
}
}
⚠️ 注意事项
- 权限要求: auto-pr-merger 需要对仓库有写权限才能 push 修复
- 测试命令: 请根据实际项目修改测试命令,默认
npm test - 安全审查: 涉及安全的 PR 建议人工二次确认
- CI 依赖: 依赖 GitHub Actions 状态,建议开启 required checks
📞 故障排除
| 问题 | 原因 | 解决方案 |
|---|---|---|
| gh auth 失败 | 未登录 | 运行 gh auth login |
| 自动修复失败 | 代码冲突 | 手动解决冲突后重试 |
| PR 已被合并 | 无需处理 | 跳过此 PR |
| CI 未通过 | 测试失败 | 查看详细日志,手动修复 |
安全使用建议
Before installing, confirm the following: (1) The skill needs GitHub credentials with push/merge rights and Feishu bot/token access even though the registry metadata doesn't declare them — only grant least privilege (repo-scoped write, not org-wide). (2) Running tests (npm test, pytest, etc.) executes PR code; run the skill in an isolated environment or with strict sandboxing and required checks enabled to avoid executing malicious PR code or leaking secrets. (3) Consider disabling automatic merging (set auto_merge:false) or require a manual approval step for any change touching sensitive files. (4) Inspect and verify the referenced sub-skills (code-review-skill, auto-pr-merger, feishu_doc, github) — ensure they are trusted and their credential usage is appropriate. (5) Prefer using short-lived tokens, required checks on CI, audit logging, and testing the workflow on a staging repo first. Ask the author/maintainer to update the metadata to declare required binaries (gh) and required environment variables/credentials so you can review exact privileges requested.
功能分析
Type: OpenClaw Skill
Name: ai-pr-doctor
Version: 1.0.0
The bundle implements an automated GitHub PR 'doctor' workflow that includes high-risk capabilities such as executing arbitrary shell commands (via the 'test_command' input in workflow.json) and performing automated repository merges. While these behaviors are clearly aligned with the stated purpose in SKILL.md and README.md, the potential for remote code execution (RCE) if the test command is manipulated and the requirement for broad GitHub write permissions fall under the 'risky capabilities' threshold. No evidence of intentional malice, data exfiltration, or obfuscation was found across the analyzed files.
能力评估
Purpose & Capability
The name/description match the workflow (fetch PR, review, attempt fixes, run tests, merge, post report). It correctly composes other skills (github, code-review-skill, auto-pr-merger, feishu_doc). However, the SKILL.md and workflow mention prerequisites (gh CLI installed and authenticated, GitHub repo write permission, Feishu bot credentials) that are not declared in the registry metadata/requirements — an inconsistency that should be explained by the author.
Instruction Scope
The instructions orchestrate fetching PR diffs, running an AI review, performing automatic fixes, executing test commands (e.g., npm test or pytest), and pushing merges. Running untrusted repository code (tests/builds/scripts) and performing automated pushes/merges are high-impact actions. While these actions are coherent with the skill's stated purpose, they materially increase risk (execution of arbitrary code in PRs, possible exfiltration via tests/CI, unintended merges). The SKILL.md gives broad discretion to auto-pr-merger (auto_merge_if_passed) and cron-based bulk processing, which amplifies risk if credentials or safeguards aren't tightly scoped.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is written to disk by the skill package itself.
Credentials
The workflow clearly requires GitHub authentication with write/push rights and Feishu credentials (bot/token/folder token), yet the registry metadata lists no required env vars or binaries. Inputs include a 'feishu_folder' token and rely on gh CLI being installed and authenticated, but these are not declared as required credentials. Missing declared credential requirements is an incoherence and makes it harder to assess least-privilege needs; it may lead users to supply overly broad tokens.
Persistence & Privilege
always:false (good), but the skill enables autonomous actions (default for skills) and includes an auto-merge step that will push changes and merge PRs when tests pass. Autonomous invocation plus the ability to push/merge and run repository tests increases blast radius if credentials are broad or the composed skills are untrusted. The workflow supports scheduled runs (cron), which could repeatedly operate across many PRs — again amplifying impact.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ai-pr-doctor - 安装完成后,直接呼叫该 Skill 的名称或使用
/ai-pr-doctor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
ai-pr-doctor 1.0.0 released — an end-to-end workflow for automated AI code review and PR repair.
- Automatically diagnoses GitHub PR issues, attempts fixes, generates detailed repair reports, and merges PRs.
- Supports multi-dimensional AI review (compliance, bugs, history, comments, annotation checks).
- Integrates with Feishu for automated repair report publishing.
- Triggered by commands or scheduled cron; provides flexible configuration for review and test commands.
- Designed to reduce PR backlog, speed up review, and ensure traceable fixes.
元数据
常见问题
ai-pr-doctor 是什么?
AI PR 医生 - 自动诊断 GitHub PR 问题、修复 Bug、生成修复报告的端到端工作流。触发词:PR 诊疗、代码审查、修复 PR、PR 医生、自动合并。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 59 次。
如何安装 ai-pr-doctor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ai-pr-doctor」即可一键安装,无需额外配置。
ai-pr-doctor 是免费的吗?
是的,ai-pr-doctor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
ai-pr-doctor 支持哪些平台?
ai-pr-doctor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 ai-pr-doctor?
由 zlszhonglongshen(@zlszhonglongshen)开发并维护,当前版本 v1.0.0。
推荐 Skills