
PR Code Reviewer

Author: nesquitmx · GitHub · v1.0.1
cross-platform ✓ Security check passed
Total downloads: 1179 · Favorites: 0 · Current installs: 4 · Versions: 2
Install in OpenClaw: /install pr-code-reviewer
Description
Automatically reviews PRs on Bitbucket with analysis of errors, security and style in JS, TS, Node.js, PHP and Python, generating detailed comments and vere...
Usage instructions (SKILL.md)

name: pr-code-reviewer
description: > Automatically reviews Pull Requests on Bitbucket, detecting syntax errors, bad practices, security vulnerabilities and violations of the team's coding standards. Generates detailed comments with suggested fixes. Supports JavaScript, TypeScript, Node.js, PHP and Python.
version: 1.0.0
tags:

  • code-review
  • pull-request
  • quality
  • bitbucket
  • linting
  • nodejs
  • php

PR Code Reviewer

Role

You are a demanding but constructive Senior Code Reviewer. Your job is to review every line of code in a Pull Request and catch problems BEFORE they reach develop or master.

General Behavior

When you receive a diff or code from a PR:

  1. Read the ENTIRE diff before issuing any comment
  2. Understand the context: what the PR is trying to do, not just line by line
  3. Detect the language of each file and apply the corresponding rules
  4. Classify each finding by severity:
    • 🔴 BLOCKER — Cannot be merged. Errors, vulnerabilities, clear bugs
    • 🟡 WARNING — Should be fixed. Bad practices, code smells
    • 🔵 SUGGESTION — Optional improvement. Style, readability, optimization
    • 💡 NIT — Minor detail. Conventions, formatting
  5. Always suggest the fix; do not just point out the problem
  6. Group comments by file
  7. Give a final verdict: ✅ APPROVE, ⚠️ APPROVE WITH CHANGES, ❌ REJECT

Language Detection

Apply the language rules according to the file extension:

  • .js, .mjs, .cjs → references/javascript-typescript.md + references/nodejs.md
  • .ts, .tsx → references/javascript-typescript.md + references/nodejs.md
  • .jsx → references/javascript-typescript.md + references/nodejs.md
  • .php → references/php.md
  • .py → references/python.md
  • .css, .scss, .html → references/css-html.md
  • All files → references/general.md + references/security.md + references/team-conventions.md

Response Format

Always respond in this exact format:

📋 PR Review Summary

Verdict: [✅ | ⚠️ | ❌] [APPROVE | APPROVE WITH CHANGES | REJECT]
Files reviewed: X
Findings: X 🔴 | X 🟡 | X 🔵 | X 💡


📁 path/to/file.ext

Line X-Y: [🔴|🟡|🔵|💡] [Category]: Description of the problem

❌ Current code: (show the problematic code)

✅ Suggested fix: (show the corrected code)

Why? Brief explanation of why it is a problem.


🏁 Final Summary

  • The good: ...
  • What must be fixed before the merge: ...
  • Suggestions for the future: ...

Rules

Import and apply ALL the rules from:

  • references/general.md (always)
  • references/security.md (always)
  • references/team-conventions.md (always)
  • references/javascript-typescript.md (depending on extension)
  • references/nodejs.md (depending on extension)
  • references/php.md (depending on extension)
  • references/python.md (depending on extension)
  • references/css-html.md (depending on extension)
Security usage advice
This skill is an instruction-only code-review template and is internally consistent with its purpose. Before installing or enabling it, consider:

  • Integration: The skill does not itself call Bitbucket APIs or ask for Bitbucket credentials; you must supply diffs or wire it into your CI/hook. Confirm how your agent will provide PR contents (e.g., a workflow step that passes the diff) and that no repository secrets are accidentally forwarded to third-party services.
  • Data exposure: The reviewer will analyze any code you feed it. Avoid putting production credentials or sensitive data into PR diffs. Treat the agent and any LLM backend you use as a code consumer with access to those diffs.
  • Pipeline security: If you implement a GitHub/GitLab/Bitbucket action or CI job to feed PRs to this skill, review that workflow to ensure tokens, logs, or artifacts are not sent to untrusted endpoints. The skill itself doesn't transmit data, but your integration could.
  • Customization: The included rules are extensive and opinionated. Review and adapt references/team-conventions.md to match your team's policies so the reviewer enforces the right standards.

Overall risk is low given there is no install or secret access; proceed if you understand and control how PR diffs are provided to the agent and you protect sensitive data in those diffs.
Functional analysis
Type: OpenClaw Skill
Name: pr-code-reviewer
Version: 1.0.1
The OpenClaw AgentSkills skill bundle is designed for an AI agent to perform code reviews, focusing on syntax, best practices, and security vulnerabilities. The `SKILL.md` instructions explicitly direct the agent to 'Import and apply ALL the rules from: references/general.md (always), references/security.md (always), references/team-conventions.md (always)', which is a positive security control. While the `references/*.md` files contain numerous examples of vulnerabilities (e.g., SQL injection, XSS, command injection, hardcoded secrets) in their '❌ Mal' sections, these are presented as bad code patterns for the AI to *detect and flag*, not as instructions for the AI to execute or exploit. The overall intent is to improve code quality and security through static analysis, with no evidence of malicious behavior, data exfiltration, or unauthorized command execution by the agent.
Capability assessment
Purpose & Capability
The skill's name and SKILL.md describe an automated PR reviewer for Bitbucket and multiple languages, and the repository contains extensive language-specific rules and templates that match that purpose. One small mismatch: the SKILL/README mention automatic review in Bitbucket but the skill contains no integration code or required Bitbucket credentials — it is designed to be used by feeding diffs or via a pipeline/hook rather than calling Bitbucket APIs directly. This is explainable (instruction-only design) but worth noting.
Instruction Scope
SKILL.md explicitly instructs the agent to read the full PR diff, detect file languages, apply the included rulesets, generate grouped inline comments and a review summary. All referenced files are local rule/templates and the instructions do not request unrelated system files, environment variables, external endpoints, or privileged actions.
Install Mechanism
No install spec and no code to execute are included (instruction-only). That is the lowest-risk install model — nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The rules reference common code-review checks (security, linters, conventions) and do not require secrets. The lack of requested credentials is consistent with an instruction-only reviewer that operates on diffs provided by the integrator.
Persistence & Privilege
The skill does not request always:true and is not asking to modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but there are no additional persistence or privilege requests in the skill contents.
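How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install pr-code-reviewer
  3. Once installed, invoke the Skill by name or trigger it with /pr-code-reviewer
  4. Provide the required input according to the Skill's parameter description to get structured output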
Version history
v1.0.1
  • Fixes rule paths from "rules/*.md" to "references/*.md" in the Language Detection and Rules sections.
  • No changes to functionality or review format; only updates to the reference file paths.
v1.0.0
Initial release – introduces an automated code reviewer for Bitbucket PRs.
  • Reviews PRs for syntax errors, bad practices, security vulnerabilities, and coding standard violations.
  • Generates detailed, categorized comments with correction suggestions.
  • Supports JavaScript, TypeScript, Node.js, PHP, and Python files.
  • Provides a clear review summary and mandatory verdict (Approve, Approve with Changes, or Reject).
  • Organizes findings by file and severity for efficient team feedback.
Metadata
Slug: pr-code-reviewer
Version: 1.0.1
License:
Total installs: 4
Current installs: 4
Versions: 2
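FAQ

What is PR Code Reviewer?

Automatically reviews PRs on Bitbucket with analysis of errors, security and style in JS, TS, Node.js, PHP and Python, generating detailed comments and vere... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1179 total downloads so far.

How do I install PR Code Reviewer?

Run the command "/install pr-code-reviewer" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is PR Code Reviewer free?

Yes, PR Code Reviewer is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does PR Code Reviewer support?

PR Code Reviewer runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed PR Code Reviewer?

Developed and maintained by nesquitmx (@nesquitmx); the current version is v1.0.1.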
