PR Reviewer Skill for OpenClaw
Automated code review for pull requests.
Last updated: 2026-03-11
Quick Install
$ npx clawhub@latest install pr-reviewer
Key Features
OpenClaw PR Reviewer Skill Overview
The PR Reviewer skill turns OpenClaw into an automated code review assistant for your pull requests. Instead of waiting hours for a teammate to review your PR, you can get immediate, AI-powered feedback on code quality, potential bugs, security issues, and style consistency.
This skill reads pull request diffs and provides structured, actionable feedback — similar to what a senior developer would flag during code review. It operates in read-only mode by default, meaning it only comments and suggests; it never merges, approves, or modifies code without your explicit instruction.
The OpenClaw PR Reviewer skill is designed to complement human reviewers, not replace them. It catches the mechanical issues (typos, unused imports, missing error handling) so your team can focus on architecture, logic, and design decisions.
Typical workflow:
- Open a pull request on GitHub.
- Ask OpenClaw to review the PR.
- The agent fetches the diff, analyzes every changed file, and returns a structured review with inline suggestions — ready for you to act on.
Prerequisites for PR Reviewer Skill
Before installing the PR Reviewer skill, make sure you have:
- OpenClaw installed and running (v1.0+)
- GitHub CLI (gh) installed and authenticated — installation guide
- Access to the repository containing the pull request
- clawhub CLI installed for skill management
Verify your setup:
# Check OpenClaw version
openclaw --version
# Check GitHub CLI version
gh --version
# Verify GitHub authentication
gh auth status
The PR Reviewer skill works best when paired with the GitHub skill, which provides the underlying GitHub API access.
How to Install the PR Reviewer Skill
Install the PR Reviewer skill with a single command:
npx clawhub@latest install pr-reviewer
To verify the installation:
clawhub list
You should see pr-reviewer in the list of installed skills. The skill is ready to use immediately after installation.
PR Reviewer Skill Configuration
The PR Reviewer skill works out of the box with sensible defaults. It uses your existing GitHub authentication (via gh auth) to access pull request data.
Review Scope
By default, the skill reviews:
| Aspect | What It Checks |
|--------|---------------|
| Code quality | Unused variables, dead code, unnecessary complexity |
| Bug detection | Null pointer risks, off-by-one errors, race conditions |
| Security | Hardcoded secrets, SQL injection, XSS vulnerabilities |
| Style | Naming conventions, formatting inconsistencies |
| Testing | Missing test coverage for new logic |
| Documentation | Outdated comments, missing JSDoc/docstrings |
Environment Setup
# Ensure GitHub CLI is authenticated
gh auth login
# Or set a Personal Access Token with repo scope
export GITHUB_TOKEN=ghp_your_token_here
Important: The PR Reviewer skill only needs read access to repository contents and pull requests. Never grant write or admin scopes unless you explicitly want the agent to post comments on your behalf.
PR Reviewer Skill Usage Examples
1. Review a Specific Pull Request
You: "Review PR #42 on our main repo."
The agent fetches the diff for PR #42 using gh pr diff 42, then analyzes each changed file and returns a structured review:
- Summary: 3 files changed, 127 lines added, 45 removed. Adds a new payment processing module.
- Issues found: 2 bugs, 1 security concern, 3 style suggestions.
- Each issue includes the file name, line number, severity, and a recommended fix.
2. Focus on Security Issues Only
You: "Check PR #128 for security vulnerabilities."
The agent performs a security-focused review, scanning for:
- Hardcoded API keys or secrets
- SQL injection or NoSQL injection patterns
- Cross-site scripting (XSS) vectors
- Insecure deserialization
- Missing input validation
It returns only security-relevant findings, with OWASP references where applicable.
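The file-and-line findings described in example 1 and the hardcoded-secret check listed above can be cross-checked deterministically. This added example (not the skill's own analysis, which the page does not show) walks `gh pr diff` output, tracks new-file line numbers through each hunk, and flags added lines matching two illustrative credential patterns; `scan_diff`, the patterns and the sample diff are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the skill's own analysis: a deterministic pre-check
# over unified diff text. Real use: gh pr diff 42 | scan_diff

# Read a git-format unified diff on stdin and print
# "file:line: severity: finding" for added lines that look like
# hardcoded credentials. Line numbers refer to the new file version.
# Only double-quoted string literals are matched by the second pattern.
scan_diff() {
  awk '
    /^diff --git /         { in_hunk = 0; next }
    !in_hunk && /^\+\+\+ / { file = substr($0, 5); sub(/^b\//, "", file); next }
    /^@@ /                 { # @@ -old[,count] +new[,count] @@
                             split($3, a, ","); line = substr(a[1], 2) - 1
                             in_hunk = 1; next }
    !in_hunk               { next }   # index, ---, mode lines
    /^-/ || /^\\/          { next }   # removed lines do not advance numbering
                           { line++ }
    /^\+/ {
      if ($0 ~ /gh[pousr]_[A-Za-z0-9_]+/)
        printf "%s:%d: high: GitHub token literal\n", file, line
      else if ($0 ~ /(password|secret|api_key)[ \t]*[:=][ \t]*"[^"]+"/)
        printf "%s:%d: medium: credential assigned from string literal\n", file, line
    }
  '
}

# Constructed sample diff (not taken from a real pull request).
SAMPLE_DIFF='diff --git a/src/pay.ts b/src/pay.ts
--- a/src/pay.ts
+++ b/src/pay.ts
@@ -10,4 +10,5 @@ export function charge() {
   const amount = total;
-  const key = process.env.PAY_KEY;
+  const api_key = "sk_constructed_example";
+  const token = "ghp_constructedExampleValue000";
   return send(amount);
 }'

printf '%s\n' "$SAMPLE_DIFF" | scan_diff
```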
3. Summarize Changes for a Large PR
You: "Give me a summary of the changes in PR #256. It's a big one."
The agent reads through the entire diff and produces a concise summary:
- High-level description of what the PR accomplishes
- List of files changed, grouped by module or feature
- Key architectural decisions or trade-offs
- Potential risks or areas that need extra attention during human review
4. Compare with Coding Standards
You: "Review PR #99 against our team's TypeScript coding standards."
The agent applies your team's conventions to the review, checking for:
- Consistent use of interface vs type
- Proper error handling patterns
- Import ordering and barrel exports
- Component naming conventions (PascalCase for React components)
Security & Best Practices
The PR Reviewer skill is read-only by default — it fetches diffs and generates feedback but does not post comments, approve PRs, or merge code unless explicitly instructed.
Follow these guidelines to stay safe:
- Keep it read-only. The default configuration only reads PR data. If you enable comment posting, review each comment before it goes live.
- Use least privilege. Grant only repo:read scope if using a PAT. The skill does not need write access for its core review functionality.
- Review the review. AI-generated feedback is not infallible. Always apply your own judgment before acting on suggestions, especially for security-sensitive code.
- Don't skip human review. This skill accelerates the review process but should not be the only reviewer. Use it as a first pass to catch mechanical issues.
- Protect sensitive repos. For repositories containing proprietary algorithms or trade secrets, ensure your organization's policies allow AI-assisted code review.
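The read-only and least-privilege guidance above, and the token setup under Environment Setup, can be checked before a review runs. The following is an added example, not part of the skill or OpenClaw: it reads the `X-OAuth-Scopes` response header that GitHub returns for classic tokens and reports any scope beyond read access. The function names and sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the PR Reviewer skill or OpenClaw.
# Real use: gh api -i user | audit_token

# Print every scope that is not read-only, one per line.
# Deny by default: only read:* and user:email count as read-only.
# The classic "repo" scope includes write access, so it is reported.
excess_scopes() {
  printf '%s\n' "$1" | tr ',' '\n' | while read -r scope; do
    case "$scope" in
      ''|read:*|user:email) ;;
      *) printf '%s\n' "$scope" ;;
    esac
  done
}

# Read HTTP response headers on stdin. Exit status:
#   0 = read-only scopes only
#   1 = scopes beyond read access are present
#   2 = no X-OAuth-Scopes header (assumption: a fine-grained or app
#       token, whose permissions are checked in its settings instead)
audit_token() {
  line=$(tr -d '\r' | grep -i '^x-oauth-scopes:' | head -n 1)
  if [ -z "$line" ]; then
    echo "no X-OAuth-Scopes header; cannot audit this token type" >&2
    return 2
  fi
  excess=$(excess_scopes "${line#*:}")
  if [ -n "$excess" ]; then
    echo "token exceeds read-only:" $excess >&2
    return 1
  fi
  echo "token is read-only"
}

# Constructed sample response headers, not captured from a real account.
SAMPLE_HEADERS='HTTP/2.0 200 OK
Content-Type: application/json; charset=utf-8
X-Oauth-Scopes: read:org, repo, workflow'

printf '%s\n' "$SAMPLE_HEADERS" | audit_token || echo "exit status: $?"
```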
Troubleshooting Common Errors
"Could not fetch PR diff"
The GitHub CLI cannot access the pull request. Common causes:
# Re-authenticate with GitHub
gh auth login
# Check that you have access to the repository
gh repo view owner/repo
# Verify the PR number exists
gh pr view 42
"PR diff is too large to analyze"
Very large PRs (1000+ changed lines) may hit context limits. Try:
You: "Review only the src/api/ changes in PR #200."
Narrowing the scope to specific directories or files helps the agent provide more focused, higher-quality feedback.
"No issues found"
This can mean the code is clean, or the diff is too small for meaningful feedback. The agent will still provide a summary of changes even when no issues are detected.
FAQ
Yes. The skill uses your existing GitHub authentication and only accesses repositories you already have permission to view. It processes diffs locally through OpenClaw and does not send code to third-party services. For additional security, you can configure it to work in fully offline mode by providing the diff as local input. Review the [Safety Checklist](/skills#safety) for more details.
The PR Reviewer skill is lighter and more conversational. Dedicated tools like CodeRabbit offer dashboard UIs, CI integration, and team analytics. The OpenClaw PR Reviewer excels at on-demand, natural-language reviews where you can ask follow-up questions, request deeper analysis on specific files, or adjust the review focus in real time. Many teams use both — automated CI tools for baseline checks and the [OpenClaw PR Reviewer](/skills/pr-reviewer) for deeper, context-aware analysis.
The skill supports posting comments, but this is disabled by default for safety. When enabled, the agent will post inline comments on the PR using `gh api`. Each comment is shown to you for approval before posting. Combine this with the [GitHub skill](/skills/github) for full PR management, and use [Conventional Commits](/skills/conventional-commits) to ensure your commit messages are also well-formatted.