pr-reviewer

Automated GitHub PR code review with diff analysis, lint integration, and structured reports. Use when reviewing pull requests, checking for security issues,...

Install via ClawdBot CLI:

```bash
clawdbot install briancolinger/pr-reviewer
```

Automated code review for GitHub pull requests. Analyzes diffs for security issues, error handling gaps, style problems, and test coverage.

- `gh` CLI installed and authenticated (`gh auth status`)
- `golangci-lint` for Go linting, `ruff` for Python linting

```bash
# Review all open PRs in current repo
scripts/pr-review.sh check

# Review a specific PR
scripts/pr-review.sh review 42

# Post review as GitHub comment
scripts/pr-review.sh post 42

# Check status of all open PRs
scripts/pr-review.sh status

# List unreviewed PRs (useful for heartbeat/cron integration)
scripts/pr-review.sh list-unreviewed
```

Set these environment variables or the script auto-detects from the current git repo:

- `PR_REVIEW_REPO` — GitHub repo in `owner/repo` format (default: detected from `gh repo view`)
- `PR_REVIEW_DIR` — Local checkout path for lint (default: git root of cwd)
- `PR_REVIEW_STATE` — State file path (default: `./data/pr-reviews.json`)
- `PR_REVIEW_OUTDIR` — Report output directory (default: `./data/pr-reviews/`)

| Category | Icon | Examples |
|----------|------|----------|
| Security | 🔴 | Hardcoded credentials, AWS keys, secrets in code |
| Error Handling | 🟡 | Discarded errors (Go _ :=), bare except: (Python), unchecked Close() |
| Risk | 🟠 | panic() calls, process.exit() |
| Style | 🔵 | fmt.Print/print()/console.log in prod, very long lines |
| TODOs | 📝 | TODO, FIXME, HACK, XXX markers |
| Test Coverage | 📊 | Source files changed without corresponding test changes |

Tracks HEAD SHA per PR. Only re-reviews when new commits are pushed. Use `review` to force re-review.

Reports are saved as markdown files in the output directory. Each report includes:
Add to a periodic check (heartbeat, cron job, or CI):

```bash
UNREVIEWED=$(scripts/pr-review.sh list-unreviewed)
if [ -n "$UNREVIEWED" ]; then
  scripts/pr-review.sh check
fi
```

The analysis patterns in the script are organized by language. Add new patterns by appending to the relevant pattern list in the analyze_diff() function:

```python
# Add a new Go pattern
go_patterns.append((r'^\+.*os\.Exit\(', 'RISK', 'Direct os.Exit() — consider returning error'))
```
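
An added example, not the project's own code: a small scanner that applies pattern tuples of the shape above to a unified diff. The internals of `analyze_diff()` are not shown on this page, so `PATTERNS`, `scan_diff` and `SAMPLE_DIFF` are assumed names, and the hunk-aware parsing (which keeps `+++ b/...` file headers and removed lines out of the findings) is this example's own choice.

```python
import os
import re

# (regex, category, message) tuples in the shape shown above; the dict layout is assumed.
PATTERNS = {
    '.go': [(r'^\+.*os\.Exit\(', 'RISK', 'Direct os.Exit() - consider returning error')],
    '.py': [(r'^\+\s*except\s*:', 'ERROR_HANDLING', 'Bare except:')],
    # '*' runs on every file; AKIA plus 16 characters is the AWS access key ID shape
    '*': [(r'^\+.*\bAKIA[0-9A-Z]{16}\b', 'SECURITY', 'Possible AWS access key ID')],
}
HUNK = re.compile(r'^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@')

def scan_diff(diff_text):  # -> [(path, new_line_no, category, message), ...]
    findings, path = [], None
    old_left = new_left = new_no = 0
    for line in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:      # outside a hunk: only headers count
            m = HUNK.match(line)
            if m:
                old_left = int(m.group(1) or 1)  # an omitted count means 1
                new_no, new_left = int(m.group(2)), int(m.group(3) or 1)
            elif line.startswith('+++ '):        # begins with '+', but is a header, not code
                path = line[4:].split('\t')[0].removeprefix('b/')
            continue
        if line.startswith('\\'):                # "\ No newline at end of file"
            continue
        if line.startswith('+'):
            ext = os.path.splitext(path or '')[1]
            for regex, category, message in PATTERNS.get(ext, []) + PATTERNS['*']:
                if re.search(regex, line):
                    findings.append((path, new_no, category, message))
        else:
            old_left -= 1                        # removed or context line
        if not line.startswith('-'):
            new_left -= 1
            new_no += 1
    return findings

# Constructed sample diff; the key is AWS's documentation placeholder, not a live secret.
SAMPLE_DIFF = """\
--- a/cmd/run.go
+++ b/cmd/run.go
@@ -10,3 +10,4 @@
 if err != nil {
-    return err
+    key := "AKIAIOSFODNN7EXAMPLE"
+    os.Exit(1)
 }
"""
```

`scan_diff(SAMPLE_DIFF)` returns a SECURITY finding at new-file line 11 and a RISK finding at line 12, both for `cmd/run.go`; the removed `return err` line is counted but never scanned.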
Generated Mar 1, 2026
Automated code review for open source repositories to ensure contributions meet security and style standards before merging. Helps maintainers handle high volumes of pull requests efficiently, reducing manual review burden and catching issues like hardcoded secrets or error handling gaps early.
Integration into CI/CD pipelines for large organizations to enforce code quality and security policies automatically. Reviews pull requests in real-time, providing structured reports that flag risks such as panic calls or missing test coverage, ensuring compliance and reducing deployment errors.
Used by solo developers or small teams to self-review code before submitting to clients or upstream projects. Automates checks for common issues like TODOs or style problems in Go, Python, and JavaScript, improving code reliability and client satisfaction with minimal setup.
Implementation in online learning environments to provide automated feedback on student submissions for programming courses. Analyzes pull requests for security flaws and error handling, offering learners instant, actionable insights to improve their coding practices in a controlled setting.
Supports fast-paced development cycles in startups by automating code reviews for small teams. Tracks PRs and re-reviews only new commits, saving time on repetitive checks and focusing on critical issues like risk patterns or test coverage gaps to accelerate product iterations.
Offer the skill as a cloud-based service with tiered pricing based on repository size or number of PRs reviewed monthly. Revenue comes from subscriptions, with features like advanced linting integrations or team collaboration tools for enterprise clients.
Provide consulting services to integrate and customize the skill for specific organizational needs, such as adding custom analysis patterns or integrating with proprietary tools. Revenue is generated through project-based fees and ongoing support contracts.
Release the core skill as open source to build community adoption, while monetizing through premium features like enhanced security scanning, priority support, or integrations with commercial CI/CD platforms. Revenue streams include one-time purchases or freemium upgrades.
💬 Integration Tip
Ensure the gh CLI is authenticated and the local repository is checked out for linting to work properly; use environment variables for flexible configuration across different projects.