pr-reviewer

Review·Scanned 2/17/2026

This skill automates GitHub PR reviews: it analyzes diffs, runs linters, and writes markdown reports. It is a shell script (#!/usr/bin/env bash) that calls the gh CLI (requires gh authentication), performs network calls to GitHub, and writes reports to ./data/pr-reviews.json and ./data/pr-reviews/.

from clawhub.ai·v75d0ef5·21.4 KB·0 installs
Scanned from 1.0.0 at 75d0ef5 · Transparency log ↗
$ vett add clawhub.ai/briancolinger/pr-reviewer

Review findings below

PR Reviewer

Automated code review for GitHub pull requests. Analyzes diffs for security issues, error handling gaps, style problems, and test coverage.

Prerequisites

  • gh CLI installed and authenticated (gh auth status)
  • Repository access (read at minimum, write for posting comments)
  • Optional: golangci-lint for Go linting, ruff for Python linting

Quick Start

# Review all open PRs in current repo
scripts/pr-review.sh check

# Review a specific PR
scripts/pr-review.sh review 42

# Post review as GitHub comment
scripts/pr-review.sh post 42

# Check status of all open PRs
scripts/pr-review.sh status

# List unreviewed PRs (useful for heartbeat/cron integration)
scripts/pr-review.sh list-unreviewed

Configuration

Set these environment variables; any that are unset are auto-detected from the current git repo:

  • PR_REVIEW_REPO — GitHub repo in owner/repo format (default: detected from gh repo view)
  • PR_REVIEW_DIR — Local checkout path for lint (default: git root of cwd)
  • PR_REVIEW_STATE — State file path (default: ./data/pr-reviews.json)
  • PR_REVIEW_OUTDIR — Report output directory (default: ./data/pr-reviews/)

What It Checks

| Category | Icon | Examples |
| --- | --- | --- |
| Security | 🔴 | Hardcoded credentials, AWS keys, secrets in code |
| Error Handling | 🟡 | Discarded errors (Go _ :=), bare except: (Python), unchecked Close() |
| Risk | 🟠 | panic() calls, process.exit() |
| Style | 🔵 | fmt.Print/print()/console.log in prod, very long lines |
| TODOs | 📝 | TODO, FIXME, HACK, XXX markers |
| Test Coverage | 📊 | Source files changed without corresponding test changes |

Smart Re-Review

The script tracks the HEAD SHA of each PR and only re-reviews a PR when new commits are pushed. Use review <PR#> to force a re-review.

Report Format

Reports are saved as markdown files in the output directory. Each report includes:

  • PR metadata (author, branch, changes)
  • Commit list
  • Changed file categorization by language/type
  • Automated diff findings with file, line, category, and context
  • Test coverage analysis
  • Local lint results (when repo is checked out locally)
  • Summary verdict: 🔴 SECURITY / 🟡 NEEDS ATTENTION / 🔵 MINOR NOTES / ✅ LOOKS GOOD

Heartbeat/Cron Integration

Add to a periodic check (heartbeat, cron job, or CI):

UNREVIEWED=$(scripts/pr-review.sh list-unreviewed)
if [ -n "$UNREVIEWED" ]; then
  scripts/pr-review.sh check
fi

Extending

The analysis patterns in the script are organized by language. Add new patterns by appending to the relevant pattern list in the analyze_diff() function:

# Add a new Go pattern
go_patterns.append((r'^\+.*os\.Exit\(', 'RISK', 'Direct os.Exit() — consider returning error'))
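
How pattern tuples of this shape can be applied to a unified diff, as an added example (not the skill's own code): it reports the file and new-file line number of each flagged added line, and uses the hunk line counts so that added or removed content beginning with `++ ` or `-- ` is not mistaken for a file header. The names scan_diff, PATTERNS and HUNK are hypothetical, and every regex except the os.Exit one is an assumption.

```python
import re

# Tuples use the (regex, category, message) shape of the page's go_patterns entry.
# Assumptions: every regex except os.Exit, and the ERROR/SECURITY/TODO category names.
PATTERNS = {  # key = file suffix; "" applies to every file
    ".go": [(r"^\+.*os\.Exit\(", "RISK", "Direct os.Exit(); consider returning error"),
            (r"^\+.*\b_\s*:?=", "ERROR", "Discarded error")],
    "": [(r"^\+.*\bAKIA[0-9A-Z]{16}\b", "SECURITY", "Possible AWS access key ID"),
         (r"^\+.*\b(TODO|FIXME|HACK|XXX)\b", "TODO", "Marker left in code")],
}
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def scan_diff(diff_text):
    """Return (file, new-file line, category, message) per flagged added line."""
    findings, path, lineno, old_left, new_left = [], "", 0, 0, 0
    for line in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:   # between hunks: only headers matter
            m = HUNK.match(line)
            if m:                             # an omitted count means 1 line
                old_left, lineno, new_left = int(m[1] or 1), int(m[2]), int(m[3] or 1)
            elif line.startswith("+++ "):
                path = line[4:].removeprefix("b/")
            continue
        if line.startswith("\\"):             # "\ No newline at end of file"
            continue
        if line.startswith("-"):              # removed line: no new-file number
            old_left -= 1
            continue
        if line.startswith("+"):
            rules = [r for sfx, rs in PATTERNS.items() if path.endswith(sfx) for r in rs]
            for rx, cat, msg in rules:
                if re.search(rx, line):
                    findings.append((path, lineno, cat, msg))
        else:
            old_left -= 1                     # context line exists on both sides
        new_left -= 1
        lineno += 1
    return findings
# Constructed sample diff, not taken from a real repository.
SAMPLE_DIFF = """\
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -10,2 +10,3 @@
 cfg := load()
-data, err := os.ReadFile(p)
+data, _ := os.ReadFile(p)
+os.Exit(1)  // TODO
"""
```
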