pr-reviewer
Review GitHub pull requests for code quality, security, and best practices. Use for automated PR feedback and approval workflows.
Best use case
pr-reviewer is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using pr-reviewer should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/pr-reviewer/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How pr-reviewer Compares
| Feature / Agent | pr-reviewer | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Review GitHub pull requests for code quality, security, and best practices. Use for automated PR feedback and approval workflows.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# PR Reviewer Skill
## Purpose
Single responsibility: Review GitHub pull requests for quality, security, and adherence to project standards. (BP-4)
## Grounding Checkpoint (Archetype 1 Mitigation)
Before executing, VERIFY:
- [ ] gh CLI is installed and authenticated
- [ ] PR number or URL is valid
- [ ] Repository has review permissions
- [ ] Review criteria are defined
**DO NOT submit reviews without understanding the full diff.**
## Uncertainty Escalation (Archetype 2 Mitigation)
ASK USER instead of guessing when:
- Review scope unclear (security only vs full review)
- Approval authority undefined
- Conflicting with existing reviews
- Breaking changes detected
**NEVER approve PRs automatically without user confirmation.**
## Context Scope (Archetype 3 Mitigation)
| Context Type | Included | Excluded |
|--------------|----------|----------|
| RELEVANT | PR diff, commit messages, linked issues | Unrelated files |
| PERIPHERAL | Project standards, CI status | Other PRs |
| DISTRACTOR | Historical PRs | Fork activity |
## Workflow Steps
### Step 1: Fetch PR Details (Grounding)
```bash
# Get PR information
gh pr view <number> --json title,body,author,files,additions,deletions,commits,reviews
# Get diff
gh pr diff <number>
# Check CI status
gh pr checks <number>
```
### Step 2: Analyze Changes
```bash
# List changed files
gh pr view <number> --json files --jq '.files[].path'
# Get diff stats
gh pr view <number> --json additions,deletions --jq '"\(.additions) additions, \(.deletions) deletions"'
# Flag sensitive file names or credential-like keywords anywhere in the diff text
gh pr diff <number> | grep -E "(\.env|password|secret|key)" && echo "⚠️ Sensitive patterns detected"
```
### Step 3: Review Categories
**Code Quality:**
```bash
# Check for common issues
gh pr diff <number> | grep -E "(console\.log|debugger|TODO|FIXME)" | head -20
```
**Security:**
```bash
# Security patterns
gh pr diff <number> | grep -E "(eval\(|innerHTML|dangerouslySetInnerHTML|exec\()" | head -10
```
**Tests:**
```bash
# List changed test/spec files (a proxy for test coverage, not a coverage measurement)
gh pr view <number> --json files --jq '.files[] | select(.path | test("test|spec")) | .path'
```
### Step 4: Submit Review
**Comment only:**
```bash
gh pr review <number> --comment --body "$(cat <<'EOF'
## Code Review
### Summary
[Overview of changes]
### Observations
- Point 1
- Point 2
### Questions
- Question 1?
EOF
)"
```
**Request changes:**
```bash
gh pr review <number> --request-changes --body "Changes needed: [reason]"
```
**Approve:**
```bash
gh pr review <number> --approve --body "LGTM! ✅"
```
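The greps in Steps 2 and 3 also match removed and context lines and give no location, while the review template asks for concerns as `file:line`. The following added example (not part of the original skill; `scan_diff` and `sample_diff` are hypothetical names, and the sample diff is constructed) applies the same patterns to added lines only and reports new-side line numbers:

```bash
# Added example, not part of the skill. scan_diff/sample_diff are hypothetical names.
# Reads a unified diff on stdin; prints "file:line:category:text" for ADDED lines only.
scan_diff() {
  awk '
    # Inside a hunk, consume exactly the line counts declared by the @@ header, so
    # content like "--- drop x" or "+++ y" is never mistaken for a file header.
    oldn > 0 || newn > 0 {
      c = substr($0, 1, 1)
      if (c == "+") { check(substr($0, 2)); line++; newn-- }
      else if (c == "-") { oldn-- }                  # removed: no new-side number
      else if (c != "\\") { line++; oldn--; newn-- } # context (skips "\ No newline")
      next
    }
    /^\+\+\+ / { file = substr($0, 5); sub(/^b\//, "", file); next }
    /^@@ / {
      n = split($2, o, ","); oldn = (n > 1) ? o[2] + 0 : 1
      n = split($3, p, ","); newn = (n > 1) ? p[2] + 0 : 1
      line = substr(p[1], 2) + 0                     # first new-side line number
    }
    function check(t) {
      sub(/^[ \t]+/, "", t)
      if (t ~ /eval\(|innerHTML|dangerouslySetInnerHTML|exec\(/) kind = "security"
      else if (t ~ /\.env|password|secret|key/) kind = "sensitive"
      else if (t ~ /console\.log|debugger|TODO|FIXME/) kind = "quality"
      else return
      print file ":" line ":" kind ":" t
    }
  '
}

# Constructed sample: one removed innerHTML (ignored), one added (reported).
sample_diff() {
  cat <<'EOF'
--- a/src/render.js
+++ b/src/render.js
@@ -10,4 +10,5 @@ function render(el, html) {
   const node = el;
-  node.innerHTML = old;
+  node.textContent = html;
+  node.innerHTML = html;
   return node;
 }
--- a/config/app.yml
+++ b/config/app.yml
@@ -3,0 +4,1 @@
+api_key: "PLACEHOLDER"
EOF
}
sample_diff | scan_diff
```

With a real PR, pipe `gh pr diff <number>` into `scan_diff`.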
## Recovery Protocol (Archetype 4 Mitigation)
On error:
1. **PAUSE** - Don't submit partial reviews
2. **DIAGNOSE** - Check error type:
   - `Not found` → Verify PR number
   - `Permission denied` → Check repo access
   - `Review already exists` → Update existing
   - `CI pending` → Wait or note in review
3. **ADAPT** - Adjust review scope
4. **RETRY** - With corrected parameters (max 3 attempts)
5. **ESCALATE** - Report issues to user
## Checkpoint Support
State saved to: `.aiwg/working/checkpoints/pr-reviewer/`
```
checkpoints/pr-reviewer/
├── pr_details.json # PR metadata
├── diff_analysis.json # Change analysis
├── security_scan.json # Security findings
└── review_draft.md # Draft review
```
## Review Template
```markdown
## Code Review: PR #<number>
### Summary
<Brief overview of the PR purpose and changes>
### Review Checklist
- [ ] Code follows project style guide
- [ ] Tests added/updated for changes
- [ ] Documentation updated if needed
- [ ] No security vulnerabilities introduced
- [ ] CI checks passing
### Observations
#### ✅ Strengths
- Point 1
- Point 2
#### ⚠️ Concerns
- Concern 1 (file:line)
- Concern 2 (file:line)
#### ❓ Questions
- Question about design choice?
### Recommendation
- [ ] Approve
- [ ] Request changes
- [ ] Comment only
### Line Comments
| File | Line | Comment |
|------|------|---------|
| src/foo.ts | 42 | Consider using const |
```
## Common Commands
| Command | Purpose |
|---------|---------|
| `gh pr view <n>` | View PR details |
| `gh pr diff <n>` | View diff |
| `gh pr checks <n>` | CI status |
| `gh pr review <n>` | Submit review |
| `gh pr comment <n>` | Add comment |
| `gh pr merge <n>` | Merge PR |
## References
- GitHub CLI PR commands: https://cli.github.com/manual/gh_pr
- REF-001: Production-Grade Agentic Workflows (BP-4)
- REF-002: LLM Failure Modes (Archetype 2 over-helpfulness)