glucksberg

pr-review

Author: Glucksberg · GitHub · v2.0.1
cross-platform ⚠ suspicious
Total downloads: 1469
Favorites: 0
Current installs: 5
Versions: 3
Install in OpenClaw
/install pr-review
Description
Find and fix code issues before publishing a PR. Single-pass review with auto-fix. Use when reviewing code changes before submission or auditing existing cod...
Security usage recommendations
This skill is coherent for its stated purpose: it will read your repository (git diff, config files, source files) and apply automatic fixes above configured confidence thresholds. Things to consider before running:
- Back up or commit your branch first (run on a feature branch) so you can review or revert changes.
- Review the diffs after the run (git diff --stat and full diff) and run your tests before pushing.
- Note the auto-fix behavior: Diff mode auto-fixes issues scoring >=70 and Audit mode >=80 — adjust your expectations accordingly.
- If you don't want the agent to edit files without explicit approval, require confirmation or run the tool in a dry-run/report-only mode.
- The skill is instruction-only (no external installers), reads only repo files, and requests no cloud credentials — there are no obvious indicators of secret exfiltration or out-of-scope access.
- Minor naming inconsistency: documentation refers to 'pre-review' commands while the skill is named 'pr-review' — confirm command names when installing/invoking.

If you want extra assurance, run it on a non-production copy of the repo first and inspect the changes before trusting it on critical branches.
Functional analysis
Type: OpenClaw Skill
Name: pr-review
Version: 2.0.1

The skill is classified as suspicious due to the broad permissions granted to the AI agent, specifically `Read`, `Edit`, `Write` access to files, and `Bash(git *)` execution capabilities, as defined in `plugins/pre-review/commands/code-audit.md` and `plugins/pre-review/commands/pre-review.md`. While these permissions are necessary for the skill's stated purpose of automatically reviewing and fixing code, they represent a significant attack surface. There is no evidence of intentional malicious behavior (e.g., data exfiltration, persistence, or unauthorized remote control) within the provided instructions, but the inherent power to modify user files and execute `git` commands could be exploited if the agent's instructions were subverted.
Capability assessment
Purpose & Capability
The skill is named pr-review and its instructions implement a 'pre-review' workflow: running git diffs, reading project config (eslint, tsconfig, CLAUDE.md), analyzing files, and applying fixes. Requiring the git binary and reading repository files is proportionate to the stated purpose. Minor naming inconsistency: the docs and commands mostly refer to 'pre-review' while the skill name is 'pr-review', but this is likely cosmetic.
Instruction Scope
The SKILL.md explicitly instructs the agent to read repository files, run git diff/blame, analyze code, and perform in-place auto-fixes above configured confidence thresholds (>=70 for diff mode, >=80 for audit). Reading project configuration files (CLAUDE.md, .eslintrc*, package.json) is expected for guideline-aware review. The notable operational risk is that the skill will edit repository files automatically — users should expect and review changes (git diff) after running. There are no instructions to read system-wide files or environment secrets outside the repository.
Install Mechanism
This is an instruction-only skill with no install spec or code files that execute arbitrary downloads. That minimizes install-time risk; nothing is fetched from external URLs or written to disk by an installer.
Credentials
The skill declares no required environment variables, credentials, or config paths outside the repo. The files it reads (repo config and project files) are appropriate for a code-review tool. There are no requests for unrelated cloud or service credentials.
Persistence & Privilege
always:false (normal). The skill is allowed to run autonomously by default (platform default) and its instructions include making edits to repository files. Autonomous invocation combined with auto-edit behavior increases the practical blast radius: consider requiring explicit confirmation before allowing edits or running the skill on a disposable branch. The skill does not request persistent system-wide privileges or modify other skills.
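How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install pr-review
  3. After installation, invoke the skill by name or trigger it with /pr-review
  4. Provide the required inputs according to the skill's parameter description to get structured output
Version history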
v2.0.1
Remove model-specific references from description
v2.0.0
v2.0.0: Simplified to single-pass review. Dropped 8-agent orchestration (5 Sonnet + 3 Haiku) in favor of one capable model pass. 10x cheaper, 5x faster. Keeps both diff/audit modes and auto-fix.
v1.0.0
Initial release. Unified pre-review and code-audit into single skill with smart mode detection.
Metadata
Slug pr-review
Version 2.0.1
License
Total installs 6
Current installs 5
Version count 3
FAQ

What is pr-review?

Find and fix code issues before publishing a PR. Single-pass review with auto-fix. Use when reviewing code changes before submission or auditing existing cod... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1469 total downloads so far.

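How do I install pr-review?

Run the command "/install pr-review" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.

Is pr-review free?

Yes, pr-review is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does pr-review support?

pr-review is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed pr-review?

Developed and maintained by Glucksberg (@glucksberg); the current version is v2.0.1.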
