
PR Reviewer

Author: Lnguyen1996 · GitHub · v1.0.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 157 · Favorites: 0 · Current installs: 1 · Versions: 1
Install in OpenClaw
/install pull-request-reviewer
Feature description
Reviews pull requests by detecting logic bugs, security risks, test gaps, API changes, and style issues, providing a structured report prioritizing block mer...
Usage instructions (SKILL.md)

pr-reviewer

Description

Review pull requests and code diffs across any language. Finds logic bugs, missing tests, security holes, breaking API changes, and naming problems before they merge. Returns a structured report: block-merge issues first, then warnings, then style suggestions.

Use when

  • "review my PR"
  • "check this diff"
  • "is this PR mergeable"
  • "what's wrong with this change"
  • "code review"
  • Any git diff, patch file, or PR description paste

Supported languages

Any language with a git diff. Specialised checklist for: Python, JavaScript/TypeScript, C#, Go, Rust, Java/Kotlin, SQL migrations.

Input

Paste one of:

  • A git diff (git diff main...feature-branch)
  • A GitHub/GitLab PR URL (if accessible)
  • Raw code with a description of what it changes

Optionally specify: target branch, framework, whether this is a library (breaking changes matter more) or an app.

Output format

## PR Review

### Block Merge
- [Finding] — [why this must be fixed before merging]
  ✗ Problem: [problematic code]
  ✓ Fix:     [corrected code]

### Warnings (fix before next release)
- [Finding] — [explanation]

### Suggestions (style / future-proofing)
- [Finding] — [explanation]

### Approved
- [Specific patterns done right — always include at least one]

### Summary
[2–3 sentences: biggest risk, top fix, overall verdict (merge / fix first / needs major work)]

Review checklist

Logic & correctness

  • Off-by-one errors in loops or slices
  • Null/nil dereference without guard
  • Incorrect error handling (swallowed, wrong type checked)
  • Wrong variable captured in closure/lambda
  • Race condition introduced (shared mutable state, no lock)
  • Missing edge case (empty input, zero value, max value)

Security

  • User input used without sanitisation (SQL, shell, HTML)
  • Secret or credential added to source (API key, password, token)
  • Insecure deserialization
  • Overly permissive CORS / auth bypass
  • Path traversal risk

Tests

  • New behaviour with zero test coverage
  • Test that only tests the happy path (no error case)
  • Mock that makes the test vacuously pass
  • Missing assertion (test calls but never asserts)

API / interface

  • Public method signature changed without deprecation
  • Required parameter added to existing public function
  • Return type narrowed or widened unexpectedly
  • Serialised field renamed (breaks existing clients)

Performance

  • N+1 query introduced
  • Unbounded loop over user-supplied collection
  • Synchronous I/O in async context
  • Large allocation in hot path

Style

  • Inconsistent naming with surrounding code
  • Dead code left in (commented-out blocks, unused variables)
  • TODO left without ticket reference
  • Misleading variable/function name

Severity definitions

  • Block Merge: Correctness bug, security hole, data loss risk, or breaking API change — must be fixed
  • Warning: Performance issue, missing test coverage, or hard-to-debug behavior — fix before release
  • Suggestion: Style, clarity, or maintainability improvement — up to the author

Self-improvement instructions

After each review, note the most common finding category (logic, security, tests, API, performance, style). After 20 reviews, surface the top 3 patterns as "Most common PR issues in [language]" to help users learn, not just fix.

Safe usage recommendations
This skill is coherent and instruction-only — it does what it says: reviews diffs and PRs. Before using: do not paste private tokens, passwords, or other secrets into the diff or code you submit; expect that GitHub/GitLab URLs for private repos will not be reviewed unless the agent/environment already has network access and appropriate credentials; and note the self-improvement feature implies counting reviews across runs but no storage is provided — if you need persistent metrics, provide a secure storage mechanism or avoid relying on that feature.
Functional analysis
Type: OpenClaw Skill
Name: pull-request-reviewer
Version: 1.0.0
The pull-request-reviewer skill is a standard code analysis tool designed to review git diffs and provide structured feedback on logic, security, and style. The instructions in SKILL.md are well-defined, focusing on identifying common vulnerabilities (like SQL injection and hardcoded secrets) and providing helpful suggestions without any evidence of malicious intent, data exfiltration, or prompt-injection attacks.
Capability assessment
Purpose & Capability
Name, description, and required inputs (git diffs, PR URLs, raw code) align with a code-review skill. It does not request unrelated binaries, credentials, or config paths.
Instruction Scope
SKILL.md stays within the review scope (logic, security, tests, API, perf, style). Two minor notes: (1) it accepts GitHub/GitLab PR URLs 'if accessible' — the document doesn't request credentials, so private PRs won't be reachable unless the agent/environment already has network access and auth; (2) the 'self-improvement' step implies tracking counts across reviews but gives no storage mechanism (see persistence).
Install Mechanism
No install spec and no code files — instruction-only skill, so nothing is written to disk or downloaded during install.
Credentials
The skill requires no environment variables or credentials. Users should avoid pasting secrets or private tokens in diffs/code they submit, since the skill explicitly flags 'secret or credential added to source'.
Persistence & Privilege
always:false and no explicit persistence are appropriate. The 'after 20 reviews, surface top 3 patterns' instruction implies maintaining state across sessions; the SKILL.md does not specify where/how to store that state, so either the agent will not persist it or it may try to use external storage if available. This is a capability gap to be aware of but not inherently malicious.
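How to use
  1. Make sure OpenClaw is installed (locally or via Docker).
  2. Enter the install command in the chat box: /install pull-request-reviewer
  3. Once installation completes, invoke the skill by name or trigger it with /pull-request-reviewer
  4. Provide the required input according to the skill's parameter description to get structured output.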
Version history
v1.0.0
- Initial release of pull-request-reviewer skill.
- Reviews pull requests and code diffs for logic bugs, missing tests, security holes, breaking API changes, and naming issues across any language.
- Provides structured reports with prioritized sections: block-merge issues, warnings, suggestions, approvals, and summary.
- Specialized review checklists for major languages (e.g., Python, JavaScript/TypeScript, C#, Go, Rust, Java/Kotlin, SQL migrations).
- Designed to help users identify and fix the most critical problems before merging.
- Tracks and surfaces common review issue patterns to aid learning over time.
Metadata
Slug: pull-request-reviewer
Version: 1.0.0
License: MIT-0
Total installs: 1
Current installs: 1
Historical versions: 1
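FAQ

What is PR Reviewer?

Reviews pull requests by detecting logic bugs, security risks, test gaps, API changes, and style issues, providing a structured report prioritizing block mer... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 157 total downloads so far.

How do I install PR Reviewer?

Run the command "/install pull-request-reviewer" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is PR Reviewer free?

Yes. PR Reviewer is completely free and released under the MIT-0 license; it can be freely downloaded, installed and used.

Which platforms does PR Reviewer support?

PR Reviewer runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed PR Reviewer?

It is developed and maintained by Lnguyen1996 (@lnguyen1996); the current version is v1.0.0.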
