This skill automates GitHub PR reviews by analyzing diffs for security, errors, style, and test coverage across Go, Python, and JavaScript.
```bash
npx playbooks add skill openclaw/skills --skill pr-reviewer
```
---
name: pr-reviewer
version: 1.0.1
description: Automated GitHub PR code review with diff analysis, lint integration, and structured reports. Use when reviewing pull requests, checking for security issues, error handling gaps, test coverage, or code style problems. Supports Go, Python, and JavaScript/TypeScript. Requires `gh` CLI authenticated with repo access.
metadata:
  openclaw:
    requires:
      bins: ["gh", "python3"]
      anyBins: ["golangci-lint", "ruff"]
---
# PR Reviewer
Automated code review for GitHub pull requests. Analyzes diffs for security issues, error handling gaps, style problems, and test coverage.
## Prerequisites
- `gh` CLI installed and authenticated (`gh auth status`)
- Repository access (read at minimum, write for posting comments)
- Optional: `golangci-lint` for Go linting, `ruff` for Python linting
## Quick Start
```bash
# Review all open PRs in current repo
scripts/github/pr-reviewer.sh check
# Review a specific PR
scripts/github/pr-reviewer.sh review 42
# Post review as GitHub comment
scripts/github/pr-reviewer.sh post 42
# Check status of all open PRs
scripts/github/pr-reviewer.sh status
# List unreviewed PRs (useful for heartbeat/cron integration)
scripts/github/pr-reviewer.sh list-unreviewed
```
## Configuration
Set these environment variables; any that are unset are auto-detected from the current git repo:
- `PR_REVIEW_REPO` — GitHub repo in `owner/repo` format (default: detected from `gh repo view`)
- `PR_REVIEW_DIR` — Local checkout path for lint (default: git root of cwd)
- `PR_REVIEW_STATE` — State file path (default: `./data/pr-reviews.json`)
- `PR_REVIEW_OUTDIR` — Report output directory (default: `./data/pr-reviews/`)
## Directories Written
- **`PR_REVIEW_STATE`** (default: `./data/pr-reviews.json`) — Tracks reviewed PRs and their HEAD SHAs
- **`PR_REVIEW_OUTDIR`** (default: `./data/pr-reviews/`) — Markdown review reports
## What It Checks
| Category | Icon | Examples |
|----------|------|----------|
| Security | 🔴 | Hardcoded credentials, AWS keys, secrets in code |
| Error Handling | 🟡 | Discarded errors (Go `_ :=`), bare `except:` (Python), unchecked `Close()` |
| Risk | 🟠 | `panic()` calls, `process.exit()` |
| Style | 🔵 | `fmt.Print`/`print()`/`console.log` in prod, very long lines |
| TODOs | 📝 | TODO, FIXME, HACK, XXX markers |
| Test Coverage | 📊 | Source files changed without corresponding test changes |
## Smart Re-Review
Tracks HEAD SHA per PR. Only re-reviews when new commits are pushed. Use `review <PR#>` to force re-review.
## Report Format
Reports are saved as markdown files in the output directory. Each report includes:
- PR metadata (author, branch, changes)
- Commit list
- Changed file categorization by language/type
- Automated diff findings with file, line, category, and context
- Test coverage analysis
- Local lint results (when repo is checked out locally)
- Summary verdict: 🔴 SECURITY / 🟡 NEEDS ATTENTION / 🔵 MINOR NOTES / ✅ LOOKS GOOD
## Heartbeat/Cron Integration
Add to a periodic check (heartbeat, cron job, or CI):
```bash
UNREVIEWED=$(scripts/github/pr-reviewer.sh list-unreviewed)
if [ -n "$UNREVIEWED" ]; then
  scripts/github/pr-reviewer.sh check
fi
```
## Extending
The analysis patterns in the script are organized by language. Add new patterns by appending to the relevant pattern list in the `analyze_diff()` function:
```python
# Add a new Go pattern
go_patterns.append((r'^\+.*os\.Exit\(', 'RISK', 'Direct os.Exit() — consider returning error'))
```
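To show how `(regex, category, message)` tuples anchored on `^\+` behave against a real unified diff, here is a small stand-alone scanner. It is an added example, not the skill's own `analyze_diff()`; the `PATTERNS` layout, the `ERROR` and `SECURITY` category strings, the AWS key regex and the sample diff are assumptions.

```python
import os.path
import re

# (regex, category, message) tuples, the shape used in the snippet above. The
# os.Exit entry is adapted from the page; the other entries are assumptions.
PATTERNS = {
    ".go": [(r'^\+.*os\.Exit\(', 'RISK', 'Direct os.Exit(), consider returning error')],
    ".py": [(r'^\+\s*except\s*:', 'ERROR', 'Bare except:')],
    "*": [(r'^\+.*\bAKIA[0-9A-Z]{16}\b', 'SECURITY', 'Possible AWS access key ID')],
}
HUNK = re.compile(r'^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@')
# Constructed sample diff; the key is the placeholder used in AWS documentation.
SAMPLE_DIFF = """\
diff --git a/cmd/main.go b/cmd/main.go
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -10,2 +10,4 @@ func run() {
     cfg := load()
+    key := "AKIAIOSFODNN7EXAMPLE"
+    if cfg == nil { os.Exit(1) }
     start(cfg)
"""


def analyze_diff(diff_text):
    """Scan added lines of a unified diff; return (file, line, category, message)."""
    findings, path, new_no, old_left, new_left = [], None, 0, 0, 0
    for raw in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:      # between hunks: headers only
            m = HUNK.match(raw)
            if m:
                old_left = int(m.group(1) or 1)  # an omitted count means 1
                new_no, new_left = int(m.group(2)), int(m.group(3) or 1)
            elif raw.startswith('+++ '):         # file header, not an added line
                path = raw[4:].removeprefix('b/')
            continue
        if raw.startswith('\\'):                 # "\ No newline at end of file"
            continue
        if raw.startswith('+'):                  # added line: the only kind matched
            ext = os.path.splitext(path or '')[1]
            for rx, cat, msg in PATTERNS.get(ext, []) + PATTERNS['*']:
                if re.search(rx, raw):
                    findings.append((path, new_no, cat, msg))
            new_no, new_left = new_no + 1, new_left - 1
        elif raw.startswith('-'):                # removed line: never reported
            old_left -= 1
        else:                                    # context line
            new_no, old_left, new_left = new_no + 1, old_left - 1, new_left - 1
    return findings
```

Counting down the old and new line totals from each hunk header is what lets the scanner tell a `+++ b/file` header from an added line whose content begins with `++`, and it keeps reported line numbers aligned with the new file.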
This skill automates GitHub pull request code review by analyzing diffs, integrating local linters, and producing structured markdown reports. It focuses on security, error handling, test coverage, and style across Go, Python, and JavaScript/TypeScript. Use it to find obvious risks and to centralize review output for audits or automated workflows.
The tool inspects PR diffs and applies language-specific pattern matching to surface security issues, discarded errors, risky calls, TODO markers, and style problems. When a local checkout is available it runs configured linters (e.g., golangci-lint, ruff) and merges those findings into the report. Reports are saved as markdown and include PR metadata, commit lists, file categorizations, diff findings, test-coverage signals, and a summary verdict.
**What prerequisites are required?**
Install and authenticate the gh CLI and grant repo access; optional linters (golangci-lint, ruff) enable richer local linting.

**Which languages are supported?**
Built-in patterns target Go, Python, and JavaScript/TypeScript; patterns can be extended for other languages.

**How does smart re-review work?**
The skill tracks the PR HEAD SHA and only re-runs analysis when new commits are pushed, unless you force a review.