PR Review Factory
Author: zlszhonglongshen · GitHub · v1.0.0 · MIT-0
Total downloads: 45 · Favorites: 0 · Current installs: 0 · Versions: 1
Install in OpenClaw
/install pr-review-factory
Description
Automated code review factory: end-to-end automation of GitHub PR review, from submission through fixes to merge, as a one-stop quality gate.
Security usage recommendations
Before installing, verify and limit privileges:
1) Ask the publisher for clarification about required env vars (SKILL.md mentions GITHUB_TOKEN but metadata lists none) and for the source/homepage.
2) Use a least-privilege credential: prefer a fine-grained GitHub App or token scoped only to the specific repo and actions needed (issues, workflows, PR updates), avoid org-level or admin tokens.
3) Review generated GitHub Actions workflows and CI templates before they are committed/deployed — workflows can execute PR code and could be abused.
4) Test the skill on a non-production or forked repo first.
5) Confirm the provenance/trustworthiness of the referenced sub-skills (code-review-skill, github-issues-skill, github-actions-templates) — they are orchestrated but not included, so their behavior matters.
6) If you require automatic merging, consider adding a manual approval step or restrict merges to specific maintainers.
If you cannot verify the publisher or the downstream skills, avoid granting admin-level repo access.
Functional analysis
Type: OpenClaw Skill
Name: pr-review-factory
Version: 1.0.0
The pr-review-factory skill bundle is a legitimate automation tool designed to orchestrate GitHub Pull Request workflows. It leverages standard skills (code-review-skill, github-issues-skill, and github-actions-templates) to perform multi-dimensional code analysis, track blocking issues, and configure CI/CD quality gates. The requested permissions (GITHUB_TOKEN) and actions (creating issues, modifying workflows) are entirely consistent with its stated purpose of DevOps automation, and no indicators of malicious intent, data exfiltration, or harmful prompt injection were found across the SKILL.md or workflow.json files.
Capability assessment
Purpose & Capability
The skill claims to automate full PR lifecycle (review → issues → CI → merge). That purpose legitimately requires GitHub API access and the ability to create workflows and issues; these capabilities align with the stated purpose. However, the skill metadata declares no required environment variables or credentials while the SKILL.md explicitly says a GITHUB_TOKEN is required — an inconsistency.
Instruction Scope
SKILL.md instructs the agent to fetch PR diffs, create Issues, configure/deploy GitHub Actions workflows, check branch protection, and automatically mark/merge PRs. These actions operate on the user's repos and can change repository settings and add CI workflows. The instructions do not declare any external endpoints beyond GitHub or request unrelated local files, but they grant broad discretion to modify repo state (including deploying workflows) which can execute code from PRs. The missing explicit declaration of required credentials in the metadata increases risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — nothing is written to disk by the skill itself. That reduces installation risk; all runtime behavior is orchestration of other (named) skills.
Credentials
The skill requires a GitHub token with repo read/write and possibly admin permissions (to deploy workflows and mark/merge PRs), but the registry metadata lists no required env vars or primary credential. Declaring no credentials while the instructions require GITHUB_TOKEN is a notable mismatch. Granting a token with repo-admin or org-level rights would be disproportionate unless you trust the skill and its components.
Persistence & Privilege
always:false and normal autonomous invocation are used (no forced inclusion). The skill will modify repository state (issues, workflows, PR merge status) if given permission — this is expected for its purpose but constitutes high-impact privileges within the repo. There's no indication the skill will persist beyond normal operation or alter other skills' configs.
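How to use
- Make sure OpenClaw is installed (locally or via Docker).
- Enter the install command in the chat box: /install pr-review-factory
- Once installation completes, call the Skill by name or use /pr-review-factory to trigger it.
- Provide the required inputs according to the Skill's parameter description to get structured output.
Version history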
v1.0.0
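pr-review-factory 1.0.0 initial release:
- Implements the full automated GitHub PR review flow, from structured code review, turning findings into Issues, and assigning responsibility, through CI workflow verification, to automatic merge.
- Supports 5 core review dimensions: correctness, security, readability, performance, maintainability.
- Automatically creates and assigns GitHub Issues to track review findings, closing the fix loop.
- Quality gate control: a PR can be auto-merged only after all Blocking issues are fixed.
- Offers multiple trigger methods to suit different review scenarios.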
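FAQ
What is PR Review Factory?
Automated code review factory: end-to-end automation of GitHub PR review, from submission through fixes to merge, as a one-stop quality gate. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 45 cumulative downloads so far.
How do I install PR Review Factory?
Run the command "/install pr-review-factory" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.
Is PR Review Factory free?
Yes, PR Review Factory is completely free and uses the MIT-0 license; it can be freely downloaded, installed and used.
Which platforms does PR Review Factory support?
PR Review Factory is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed PR Review Factory?
It is developed and maintained by zlszhonglongshen (@zlszhonglongshen); the current version is v1.0.0.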