PR Auto-Review

Pass
Audited by ClawScan on May 11, 2026.

Overview

This skill appears to match its stated PR-review purpose, with expected but user-controlled use of GitHub authentication, Discord webhooks, local health checks, and optional scheduling.

Before installing or running, make sure `gh` is authenticated to the intended repository, provide only a trusted Discord webhook, review the report content that may be posted, and only enable cron or the optional healthcheck integration if you want recurring automated checks.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can read PR and check information available to the logged-in GitHub account and can post messages to the supplied Discord webhook.

Why it was flagged

The workflow depends on an authenticated GitHub CLI session and a Discord webhook credential to perform the stated PR-review and notification tasks.

Skill content
- `gh` CLI (authenticated) — for PR data
| `--discord-webhook <url>` | Discord webhook URL for notification |
Recommendation

Use a GitHub account or token with only the repository access needed, and use a Discord webhook limited to the intended channel.

What this means

PR titles, authors, changed-file lists, CI status details, and health-check results may be shared with the Discord channel tied to the webhook.

Why it was flagged

When a webhook is provided, the script sends the generated report content to Discord.

Skill content
CONTENT=$(head -c 1900 "$REPORT")
  curl -s -X POST "$DISCORD_WEBHOOK"
Recommendation

Review what the report contains before enabling Discord posting, and only provide webhooks for channels where that project information is appropriate.
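The first two findings come down to two controls the operator can enforce on their own side: accept only a genuine Discord webhook URL, and look at exactly what will be posted before the first real send. The following is an added example written for this report, not code from the skill or from ClawScan. It keeps the skill's 1900-byte truncation but adds a webhook URL check and a dry-run mode that prints the JSON payload instead of sending it; the function names, the `DRY_RUN`-style third argument and the accepted URL shape (`discord.com` or `discordapp.com` only) are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own code: validate the Discord webhook before
# use and build the payload so the report can be inspected (dry run) before
# anything is posted. Function names and the dry-run switch are assumptions.

# Accept only Discord webhook endpoints: https, numeric webhook id, URL-safe
# token, nothing after it. (Assumed shape; ptb/canary hosts are not allowed.)
validate_webhook_url() {
  local url=$1
  local re='^https://(discord\.com|discordapp\.com)/api/webhooks/[0-9]+/[A-Za-z0-9_-]+$'
  [[ $url =~ $re ]]
}

# Minimal JSON string escaping in pure bash (no jq dependency): backslash,
# double quote, newline, carriage return and tab. Other control characters
# are left as-is, which is acceptable for text produced by gh/git.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

# Build the {"content": ...} body, truncated to 1900 bytes like the skill does
# (Discord rejects messages over 2000 characters).
build_discord_payload() {
  local content
  content=$(printf '%s' "$1" | head -c 1900)
  printf '{"content":"%s"}' "$(json_escape "$content")"
}

# post_report <webhook-url> <report-file> [dry-run 0|1]
# With dry-run=1 the payload is printed instead of sent, so the report can be
# reviewed for anything that should not reach the channel.
post_report() {
  local webhook=$1 report_file=$2 dry_run=${3:-0} payload
  if ! validate_webhook_url "$webhook"; then
    echo "refusing to post: not a Discord webhook URL" >&2
    return 1
  fi
  [[ -r $report_file ]] || { echo "report not readable: $report_file" >&2; return 1; }
  payload=$(build_discord_payload "$(cat "$report_file")")
  if [[ $dry_run == 1 ]]; then
    printf '%s\n' "$payload"
    return 0
  fi
  curl -sS -f -X POST -H 'Content-Type: application/json' \
    -d "$payload" "$webhook"
}

# Demo on a constructed report; dry run, so nothing leaves the machine.
demo_report=$(mktemp)
printf 'PR #12 by alice: "fix login"\nchanged: src/auth.py\nCI: passing\n' > "$demo_report"
post_report "https://discord.com/api/webhooks/123456789012345678/AbCdEf_-token" "$demo_report" 1
rm -f "$demo_report"
```

Run it once with the dry-run flag against a real generated report and read the output as the channel would see it: PR titles, author handles and changed-file paths are exactly the fields that tend to leak internal project names into a shared channel.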

What this means

If the separate healthcheck skill is compromised or not trusted, this skill could run that helper during the health-check phase.

Why it was flagged

The script will execute a healthcheck.sh file from another installed skill if present; this is disclosed and purpose-aligned, but it depends on the trustworthiness of that separate skill.

Skill content
HEALTHCHECK_SCRIPT=$(find /root/.openclaw/skills/healthcheck -name "healthcheck.sh" 2>/dev/null | head -1)
  if [[ -n "$HEALTHCHECK_SCRIPT" && -x "$HEALTHCHECK_SCRIPT" ]]; then
    HEALTH_JSON=$("$HEALTHCHECK_SCRIPT" --json
Recommendation

Install the healthcheck skill only from trusted sources, keep it reviewed, or run this skill with `--skip-healthcheck` when you do not want that helper invoked.
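The skill's own gate is `-n "$HEALTHCHECK_SCRIPT" && -x "$HEALTHCHECK_SCRIPT"`, which only asks whether a file exists and is executable; anyone who can write to the healthcheck skill directory gets code execution in this skill's context. A stricter gate that an operator could wrap around the helper is shown below as an added example (not the skill's or ClawScan's code): it refuses symlinks, files not owned by the current user, group- or world-writable files, and any file whose SHA-256 differs from a digest pinned when the healthcheck skill was installed and reviewed. The `PINNED_SHA256` variable and the function names are assumptions; the default search directory is the one the skill uses.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own code: gate execution of a helper script
# from another skill on ownership, permissions and a pinned SHA-256 digest.

# Locate the helper the way the skill does, with the base dir as a parameter
# so the same logic can be exercised against a test directory.
discover_healthcheck() {
  find "${1:-/root/.openclaw/skills/healthcheck}" -name healthcheck.sh 2>/dev/null | head -1
}

# Digest of a file; GNU sha256sum first, BSD shasum fallback.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Octal permission bits and owner uid; GNU stat first, BSD stat fallback.
file_mode()      { stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1"; }
file_owner_uid() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# verify_helper <path> <expected_sha256>
# Returns 0 only if path is a regular, executable, non-symlink file owned by
# the current user, not writable by group or others, with a matching digest.
verify_helper() {
  local path=$1 expected=$2 mode uid actual
  [[ -L $path ]] && { echo "refusing symlink: $path" >&2; return 1; }
  [[ -f $path && -x $path ]] || { echo "not a regular executable: $path" >&2; return 1; }
  uid=$(file_owner_uid "$path")
  [[ $uid == "$(id -u)" ]] || { echo "not owned by current user: $path" >&2; return 1; }
  mode=$(file_mode "$path")
  # 0o022 masks the group-write and other-write bits.
  (( (8#$mode & 8#022) == 0 )) || { echo "group/world writable: $path" >&2; return 1; }
  actual=$(sha256_of "$path")
  [[ $actual == "$expected" ]] || { echo "digest mismatch for $path" >&2; return 1; }
}

# run_healthcheck <path> <expected_sha256>
# Runs the helper with --json only after it passes verification; otherwise
# emits a placeholder result so the rest of the report still renders.
run_healthcheck() {
  local script=$1 expected=$2
  if verify_helper "$script" "$expected"; then
    "$script" --json
  else
    echo '{"status":"skipped","reason":"healthcheck helper failed verification"}'
    return 2
  fi
}

# Demo with a constructed helper in a temp dir (stand-in for the skill dir).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/healthcheck"
printf '#!/bin/sh\necho "{\\"status\\":\\"ok\\"}"\n' > "$demo_dir/healthcheck/healthcheck.sh"
chmod 700 "$demo_dir/healthcheck/healthcheck.sh"
# In practice PINNED_SHA256 (hypothetical name) is recorded when the
# healthcheck skill is installed and reviewed; here it comes from the demo file.
PINNED_SHA256=$(sha256_of "$demo_dir/healthcheck/healthcheck.sh")
script=$(discover_healthcheck "$demo_dir")
run_healthcheck "$script" "$PINNED_SHA256"
rm -rf "$demo_dir"
```

Pinning a digest means a legitimate update to the healthcheck skill will be refused until the pin is refreshed; that is the intended trade-off, since it forces the update to be looked at before this skill starts executing it.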

What this means

If the user enables the cron example, PR checks and Discord notifications may run repeatedly without manual invocation each time.

Why it was flagged

The documentation includes an optional scheduled automation example; the script does not create this schedule by itself.

Skill content
openclaw cron add --name "pr-review-poll" --every 30m \
  --message "Run pr-auto-review on any new open PRs and notify Discord"
Recommendation

Only add the cron job intentionally, monitor its output, and remove or disable it when continuous PR polling is no longer needed.