charlie-morrison

PR Review Assistant

Author: charlie-morrison · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 47
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install pr-review-assistant
Description
Automated pull request review providing detailed feedback on correctness, security, performance, maintainability, testing, and best practices.
Safe usage recommendations
This skill appears to be a small helper that collects diffs for an AI reviewer, but there are two things to be cautious about:
- Missing declared requirements: The script calls git and (optionally) gh but the skill metadata didn't list those binaries. Ensure git and gh are present and that gh is authenticated only with an account/token you trust.
- Overpromised AI behavior: SKILL.md claims advanced cross-file, repository-aware suggestions, but the included script only gathers diffs and stats. If you rely on the agent to perform in-depth review, inspect whatever AI-side code/config will run with this skill (the agent's model prompts and what files it will be allowed to read).

Give the skill least privilege: run it locally first, confirm outputs, and restrict the agent's repository file access if possible. Recommended actions before installing: run scripts/pr_review.py locally to confirm behavior, verify no unexpected network endpoints or credential usage are introduced at runtime, and if you enable autonomous invocation, limit its repository/file read scope and monitor gh authentication tokens used by the environment.
Functional analysis
Type: OpenClaw Skill
Name: pr-review-assistant
Version: 1.0.0
The PR Review Assistant is a legitimate tool designed to collect git diff data for AI-assisted code reviews. The primary script, `scripts/pr_review.py`, uses safe subprocess calls with list-based arguments to interact with `git` and the GitHub CLI (`gh`), avoiding shell injection vulnerabilities. The documentation in `SKILL.md` is consistent with the code's functionality and contains no malicious instructions or prompt injection attempts.
Capability assessment
Purpose & Capability
The skill's name and description (automated PR review) align with the included script, which collects diffs and file lists. However, the SKILL.md and the script rely on git and optionally the GitHub CLI (gh), but the registry metadata lists no required binaries or credentials. The SKILL.md also claims richer AI review capabilities ('understands project context', 'identifies patterns across multiple changed files', 'suggests specific fixes') that are not implemented in the included script (the script only gathers diffs/stats and prints them). This mismatch between claimed capabilities and actual artifacts is incoherent.
Instruction Scope
SKILL.md instructs running the included script and (optionally) using gh to fetch PR diffs. The instructions do not ask the agent to access unrelated system files or external endpoints. However the 'AI Enhancement' section explicitly encourages the agent to use repository context beyond the diff; that would legitimately require reading repository files, which is expected for a reviewer but expands runtime scope. The SKILL.md does not constrain what project files the agent may read, so an agent could end up reading any repo file if allowed.
Install Mechanism
There is no install spec (instruction-only with a small helper script). That minimizes install-time risk—nothing is downloaded or written by an installer.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. But the script invokes the GitHub CLI (gh) when a PR number is requested; gh requires authentication to GitHub (tokens/config stored elsewhere). The skill omits documenting that gh must be authenticated and does not request or declare a primary credential—this omission should be addressed so users know what permissions are needed.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges. It does not modify other skills or system settings. Autonomous invocation is allowed by default but is not combined with other high-risk indicators here.
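How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install pr-review-assistant
  3. Once installation completes, call the Skill by name or trigger it with /pr-review-assistant
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history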
v1.0.0
Initial release of PR Review Assistant—automates pull request review with structured feedback:
- Assesses code across correctness, security, performance, maintainability, testing, and best practices.
- Supports reviewing current branch, specific PRs, or staged changes.
- Allows focus on selected review areas via command-line flags.
- Outputs clear summaries with severity/risk and actionable recommendations.
- Can format reports as markdown, JSON, or GitHub comments.
- Enhanced review when used as an agent: understands project context, applies conventions, and suggests code fixes.
Metadata
Slug: pr-review-assistant
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Version count: 1
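FAQ

What is PR Review Assistant?

Automated pull request review providing detailed feedback on correctness, security, performance, maintainability, testing, and best practices. It is an AI agent skill plugin for Claude Code / OpenClaw and has been downloaded 47 times in total.

How do I install PR Review Assistant?

Run the command "/install pr-review-assistant" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is PR Review Assistant free?

Yes. PR Review Assistant is completely free, released under the MIT-0 license, and can be freely downloaded, installed, and used.

Which platforms does PR Review Assistant support?

PR Review Assistant is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed PR Review Assistant?

It is developed and maintained by charlie-morrison (@charlie-morrison); the current version is v1.0.0.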
