ClawHub

Pr Review

v1.0.0

Comprehensive pull request review covering code quality, security, performance, and maintainability. Use for any code review task.

0· 180·0 current·0 all-time
bySolomon Neas@solomonneas

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for solomonneas/sn-pr-review.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Pr Review" (solomonneas/sn-pr-review) from ClawHub.
Skill page: https://clawhub.ai/solomonneas/sn-pr-review
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sn-pr-review

ClawHub CLI

Package manager switcher

npx clawhub@latest install sn-pr-review
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and checklist align: the skill is an instruction-only PR reviewer and does not request unrelated binaries, credentials, or system access.
Instruction Scope
SKILL.md provides a focused checklist and a clear JSON output format. It does not itself instruct the agent to fetch PR diffs or external data (it assumes the agent will be invoked with the code context), and it references a separate 'security-review' skill but does not require any extra scope or data exfiltration.
Install Mechanism
No install spec or code files are present; nothing is written to disk or downloaded as part of this skill.
Credentials
The skill declares no environment variables, credentials, or config paths — appropriate for an instruction-only review helper.
Persistence & Privilege
always is false, the skill does not request permanent presence or system-wide configuration changes. Autonomous invocation is allowed by platform default but is not unusual or excessive here.
Assessment
This skill is low-risk: it's purely instructional, asks for no installs or secrets, and aligns with its stated purpose. Before enabling it, ensure the agent invocation supplies only the PR/diff content you intend it to review (don't pass sensitive files or secrets inside diffs). If you combine it with other skills (e.g., the referenced security-review skill), review those skills' requirements too. As a best practice, test the skill on non-sensitive, sample PRs to confirm the output format and content meet your needs.

Like a lobster shell, security has layers — review code before you run it.

latestvk977t4sv425047nfaqtjy30vb583ban7
180downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Solomon Neas@solomonneas
latest
Download

Pull Request Review

Perform a thorough code review covering quality, security, performance, and maintainability.

Review Checklist

Code Quality

  • Naming: clear, descriptive, consistent with codebase conventions
  • Functions: single responsibility, reasonable length (<50 lines)
  • Error handling: all failure paths covered, no swallowed exceptions
  • Types: proper TypeScript/type annotations where applicable
  • DRY: no unnecessary duplication
  • Dead code: nothing unused or commented out

Security (see also: security-review skill)

  • No secrets or credentials in code
  • Input validation on all user-facing endpoints
  • Parameterized queries (no string concatenation for SQL)
  • Proper auth/authz checks

Performance

  • N+1 query patterns
  • Missing database indexes for new queries
  • Unbounded loops or recursive calls
  • Large payload responses without pagination
  • Missing caching where appropriate

Testing

  • New functionality has tests
  • Edge cases covered (empty arrays, null, boundaries)
  • Tests are deterministic (no timing dependencies)
  • Mocks are appropriate (not over-mocked)

Maintainability

  • Changes are documented (README, comments for complex logic)
  • Breaking changes are noted
  • Migration path is clear for schema changes
  • Dependencies added are justified

Output Format

Start with a summary:

## Review Summary
**Verdict:** APPROVE | REQUEST_CHANGES | COMMENT
**Risk Level:** Low | Medium | High
**Key Findings:** [1-3 sentence summary]

Then list findings by category, each with:

  • File and line reference
  • What the issue is
  • Suggested fix (with code when helpful)
  • Severity (blocking vs. nit)

End with:

## Positive Notes
[Things done well worth calling out]

Comments

Loading comments...