功能描述

Fetch review comments from a PR and evaluate with receive-feedback skill

使用说明 (SKILL.md)

Fetch PR Feedback

Name: Fetch Pr Feedback
Author: anderskev

Fetch review comments from all reviewers on the current PR, format them, and evaluate using the receive-feedback skill. Excludes the PR author and current user by default.

Usage

/beagle-core:fetch-pr-feedback [--pr \x3Cnumber>] [--include-author]

Flags:

--pr \x3Cnumber> - PR number to target (default: current branch's PR)
--include-author - Include PR author's own comments (default: excluded)

Instructions

1. Parse Arguments

Extract flags from $ARGUMENTS:

--pr \x3Cnumber> or detect from current branch
--include-author flag (boolean, default false)

2. Get PR Context

# If --pr was specified, use that number directly
# Otherwise, get PR for current branch:
gh pr view --json number,headRefName,url,author --jq '{number, headRefName, url, author: .author.login}'

# Get repo owner/name
gh repo view --json owner,name --jq '{owner: .owner.login, name: .name}'

# Get current authenticated user
gh api user --jq '.login'

Store as $PR_NUMBER, $PR_AUTHOR, $OWNER, $REPO, $CURRENT_USER.

Note: $OWNER, $REPO, etc. are placeholders. Substitute actual values from previous steps.

If no PR exists for current branch, fail with: "No PR found for current branch. Use --pr to specify a PR number."

3. Fetch Comments

Fetch both types of comments, excluding $PR_AUTHOR and $CURRENT_USER (unless --include-author is set). Use --paginate with jq -s to combine paginated JSON arrays into one.

Write jq filters to temp files using heredocs with single-quoted delimiters (prevents shell escaping issues with !=, regex patterns, and angle brackets):

Issue comments (summary/walkthrough posts):

cat > /tmp/issue_comments.jq \x3C\x3C 'JQEOF'
def clean_body:
  gsub("\x3C!-- suggestion_start -->.*?\x3C!-- suggestion_end -->"; ""; "s")
  | gsub("\x3C!--.*?-->"; ""; "s")
  | gsub("\x3Cdetails>\\s*\x3Csummary>\\s*🧩 Analysis chain[\\s\\S]*?\x3C/details>"; ""; "s")
  | gsub("\x3Cdetails>\\s*\x3Csummary>\\s*🤖 Prompt for AI Agents[\\s\\S]*?\x3C/details>"; ""; "s")
  | gsub("\x3Cdetails>\\s*\x3Csummary>\\s*📝 Committable suggestion[\\s\\S]*?\x3C/details>"; ""; "s")
  | gsub("\x3Cdetails>\\s*\x3Csummary>Past reviewee.*?\x3C/details>"; ""; "s")
  | gsub("\x3Cdetails>\\s*\x3Csummary>Recent review details[\\s\\S]*?\x3C/details>"; ""; "s")
  | gsub("\x3Cdetails>\\s*\x3Csummary>\\s*Tips\\b.*?\x3C/details>"; ""; "s")
  | gsub("\\
?---\\
[\\s\\S]*$"; ""; "s")
  | gsub("^\\s+|\\s+$"; "")
  | if length > 4000 then .[:4000] + "\
\
[comment truncated]" else . end
;
[(add // []) | .[] | select(
  .user.login != $pr_author and
  .user.login != $current_user
)] |
map({id, user: .user.login, body: (.body | clean_body), created_at})
JQEOF

gh api --paginate "repos/$OWNER/$REPO/issues/$PR_NUMBER/comments" | \
  jq -s --arg pr_author "$PR_AUTHOR" --arg current_user "$CURRENT_USER" \
  -f /tmp/issue_comments.jq

Review comments (line-specific):

cat > /tmp/review_comments.jq \x3C\x3C 'JQEOF'
def clean_body:
  gsub("\x3C!-- suggestion_start -->.*?\x3C!-- suggestion_end -->"; ""; "s")
  | gsub("\x3C!--.*?-->"; ""; "s")
  | gsub("\x3Cdetails>\\s*\x3Csummary>\\s*🧩 Analysis chain[\\s\\S]*?\x3C/details>"; ""; "s")
  | gsub("\x3Cdetails>\\s*\x3Csummary>\\s*🤖 Prompt for AI Agents[\\s\\S]*?\x3C/details>"; ""; "s")
  | gsub("\x3Cdetails>\\s*\x3Csummary>\\s*📝 Committable suggestion[\\s\\S]*?\x3C/details>"; ""; "s")
  | gsub("\x3Cdetails>\\s*\x3Csummary>Past reviewee.*?\x3C/details>"; ""; "s")
  | gsub("\x3Cdetails>\\s*\x3Csummary>Recent review details[\\s\\S]*?\x3C/details>"; ""; "s")
  | gsub("\x3Cdetails>\\s*\x3Csummary>\\s*Tips\\b.*?\x3C/details>"; ""; "s")
  | gsub("\\
?---\\
[\\s\\S]*$"; ""; "s")
  | gsub("^\\s+|\\s+$"; "")
  | if length > 4000 then .[:4000] + "\
\
[comment truncated]" else . end
;
[(add // []) | .[] | select(
  .user.login != $pr_author and
  .user.login != $current_user
)] |
map({
  id,
  user: .user.login,
  path,
  line_display: (
    .line as $end | .start_line as $start |
    if $start and $start != $end then "\($start)-\($end)"
    else "\($end // .original_line)" end
  ),
  body: (.body | clean_body),
  created_at
})
JQEOF

gh api --paginate "repos/$OWNER/$REPO/pulls/$PR_NUMBER/comments" | \
  jq -s --arg pr_author "$PR_AUTHOR" --arg current_user "$CURRENT_USER" \
  -f /tmp/review_comments.jq

If --include-author is set, omit the --arg pr_author parameter and the .user.login != $pr_author condition from both jq filter files. Keep the $current_user exclusion either way.

4. Format Feedback Document

Noise stripping — handled by the clean_body jq function in Step 3. Order matters: \x3C!-- suggestion_start -->...\x3C!-- suggestion_end --> blocks are removed first, then remaining HTML comments, then known-noise \x3Cdetails> blocks (Analysis chain, Prompt for AI Agents, Committable suggestion, Past reviewee, Recent review details, Tips), and finally the --- footer boilerplate. The \x3Cdetails> blocks must be stripped before the --- footer pattern because bot analysis chains contain --- separators that would otherwise truncate the actual finding. Substantive \x3Cdetails> blocks (e.g. "Suggested fix", "Proposed fix") are preserved. Comments exceeding 4000 chars after stripping are truncated with a [comment truncated] marker.

Group by reviewer — organize the formatted output by reviewer username:

# PR #$PR_NUMBER Review Feedback

## Reviewer: coderabbitai[bot]

### Summary Comments
[Issue comments from this reviewer, each separated by ---]

### Line-Specific Comments
[Review comments from this reviewer, each formatted as:]

**File: `path/to/file.ts:42`**
[cleaned comment body]

---

## Reviewer: another-reviewer

### Summary Comments
...

### Line-Specific Comments
...

If no comments found from any reviewer, output: "No review comments found on this PR (excluding PR author and current user)."

5. Evaluate with receive-feedback

Use the Skill tool to load the receive-feedback skill: Skill(skill: "beagle-core:receive-feedback")

Then process the formatted feedback document:

Parse each actionable item from the formatted document
Process each item through verify → evaluate → execute
Produce structured response summary

Example

# Fetch all reviewer comments on current branch's PR (default)
/beagle-core:fetch-pr-feedback

# Fetch from a specific PR
/beagle-core:fetch-pr-feedback --pr 123

# Include PR author's own comments
/beagle-core:fetch-pr-feedback --include-author

# Combined
/beagle-core:fetch-pr-feedback --pr 456 --include-author

安全使用建议

Before installing or running this skill: (1) Note that SKILL.md requires the GitHub CLI (gh) and jq and an authenticated gh session, but the skill metadata doesn't declare those requirements—confirm gh and jq are installed and that your GH CLI is authenticated. (2) Be aware the skill will use your existing GH CLI credentials to read PRs, issues, and user info; run it only if you're comfortable with that access, or test with a low-privilege account/repo. (3) Ask the author to update the skill metadata to list required binaries (gh, jq) and to document any required GH token scopes. (4) The instructions create temporary files in /tmp and truncate long comments; review the full SKILL.md (it appears truncated) and confirm how it calls the receive-feedback skill and what data that downstream skill will receive. (5) If you need a stricter review, request a complete SKILL.md and an explicit list of required binaries and env variables from the publisher.

功能分析

Type: OpenClaw Skill Name: fetch-pr-feedback Version: 1.1.4 The skill fetches and processes GitHub Pull Request comments using 'gh' and 'jq', then instructs the agent to 'execute' actionable items found in those comments via the 'receive-feedback' skill. While it includes defensive measures in SKILL.md to strip known bot-generated noise and potential prompt injection blocks (e.g., 'Prompt for AI Agents'), the core workflow of executing untrusted input from external PR comments represents a high-risk behavior (potential RCE). The use of temporary files in /tmp to store jq filters and the direct instruction to 'execute' external data warrant a suspicious classification despite the lack of clear malicious intent.

能力评估

⚠ Purpose & Capability

The skill's stated goal is to fetch PR review comments and evaluate them with another skill; the runtime instructions use gh and jq and expect an authenticated GH CLI session. However the registry metadata lists no required binaries or environment variables. Declaring no requirements is inconsistent with what the SKILL.md actually needs.

ℹ Instruction Scope

The SKILL.md stays within the stated purpose: it fetches issue and review comments, strips noise via jq filters, groups by reviewer, and prepares a document for another skill. It writes temporary jq scripts to /tmp and reads $ARGUMENTS and GH API output. There are no instructions to read unrelated local files or to send data to unexpected external endpoints, but it will use whatever GitHub credentials are available to the gh CLI.

✓ Install Mechanism

This is an instruction-only skill with no install spec or code files, which is lower risk. Nothing will be downloaded or written permanently by an installer step.

⚠ Credentials

The skill does not declare required environment variables, yet it relies on the gh CLI being present and authenticated (which implicitly uses the user's GitHub credentials/config). That means the skill will run with whatever GitHub access the user's CLI already has. The absence of an explicit requirement for GitHub credentials or for gh/jq is an incoherence that could surprise users.

✓ Persistence & Privilege

The skill is not always-enabled (always: false) and is user-invocable only; disable-model-invocation is true which prevents autonomous model invocation. That limits its blast radius and is appropriate for a tool that accesses user GitHub data.

版本历史

v1.1.4

- Adds detailed instructions for fetching, cleaning, and grouping GitHub PR review comments. - Supports new `--pr <number>` and `--include-author` flags for flexible PR targeting and author inclusion. - Improves comment noise-stripping to handle bot/generated content and large comments for concise feedback. - Formats feedback by grouping reviewer comments into summary and line-specific sections. - Returns early if no relevant comments are found. - Integrates with the receive-feedback skill to evaluate and process actionable review feedback.

元数据

Slug fetch-pr-feedback

版本 1.1.4

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题