{"id":"c7c6b1d7-0562-4482-bb8b-7d60111e68bf","shortId":"jtLbsW","kind":"skill","title":"pr-review","tagline":"Use when reviewing a pull request, merge request, or local diff for correctness, security, and code quality.","description":"target = $ARGUMENTS\n\n## Resolve the target\n\n- Empty → PR/MR of the current branch.\n- Number → that PR/MR on the current remote (use `gh` for GitHub, `glab` for GitLab).\n- Branch name or local path → diff against its merge base.\n\nRead the PR description, linked issues, and commit messages before the diff — a review grounded only in diff lines misses when code drifts from stated intent. Pull CI status too; a failing pipeline is load-bearing context.\n\n## Stance\n\nFrame feedback as questions and impact; the author decides the fix. A reviewer who cites rules instead of explaining consequences trains authors to work around the review rather than with it.\n\n## Dimensions\n\nCorrectness is table stakes — the diff shows bugs directly. These dimensions catch what the diff hides:\n\n**Security** — Trace user-controlled data from source to sink: SQL concatenation, input reaching command execution or file paths, hardcoded secrets, missing authorization on new endpoints, removed or weakened validation. Source-to-sink flow without sanitization is CRITICAL regardless of perceived exploitability.\n\n**Breaking changes** — Modified signatures, removed exports, changed response shapes, new required fields, migrations without backward compatibility. Grep for callers of changed symbols — the diff cannot show consumers it doesn't touch.\n\n**Performance** — N+1 queries, quadratic algorithms in hot paths, unbounded allocations, resource leaks, blocking operations in async contexts.\n\n**Dependencies** — New dependencies: license, maintenance status, known CVEs. 
Major version bumps may carry breaking API changes — read the changelog; version number alone is not evidence.\n\n**Tests** — Critical paths covered (auth, data integrity, payments), boundaries and failure paths exercised, assertions test outcomes not implementation. Missing tests for new branches are a gap; snapshot-only tests for logic-heavy code are usually a gap disguised as coverage.\n\n**Over-engineering** — LLM-generated code has a specific failure mode: unnecessary abstractions, helpers used once, patterns for hypothetical flexibility, premature configurability. Flag explicitly — common, costly, reviewers underweight them.\n\n## Severity\n\n- **CRITICAL** — security exposure, data loss or corruption, breaking change without migration, crash on normal input. Blocks merge.\n- **IMPORTANT** — correctness bug on uncommon paths, performance regression in a hot path, missing test for a critical branch, contract drift callers will hit.\n- **SUGGESTION** — clarity, naming, or structural wins. Author can defer.\n- **QUESTION** — intent or context unclear; author clarification needed before severity can be assigned.\n\n## Output\n\n### Findings\n\nEvery CRITICAL and IMPORTANT finding includes *why it matters* and a *concrete fix suggestion*.\n\n```\n1. [CRITICAL] file:line — Title\n   Why: impact explanation\n   Fix: concrete code or approach\n\n2. [IMPORTANT] file:line — Title\n   Why: impact explanation\n   Fix: concrete code or approach\n\n3. [SUGGESTION] file:line — Title\n   Fix: brief recommendation\n\n4. 
[QUESTION] file:line — Title\n   Clarification needed.\n```\n\n### Summary\n\n| Area | Status |\n|------|--------|\n| CI | passing / failing / not run |\n| Scope | clean / needs split |\n| Correctness | clean / N issues |\n| Security | clean / N issues |\n| Breaking changes | none / N risks |\n| Performance | clean / N issues |\n| Tests | adequate / gaps noted |\n\n### Verdict\n\n- Any CRITICAL → **REQUEST_CHANGES**\n- Only IMPORTANT/SUGGESTION/QUESTION → **APPROVE** (with comments)\n- Clean → **APPROVE**\n\n## Submitting\n\nDefault is local report only. Post to the platform only when the user explicitly asks.","tags":["review","dotclaude","jhostalek","agent-skills","ai-coding","anthropic","claude","claude-code","claude-code-skills","code-review","codex-cli","cursor"],"capabilities":["skill","source-jhostalek","skill-pr-review","topic-agent-skills","topic-ai-coding","topic-anthropic","topic-claude","topic-claude-code","topic-claude-code-skills","topic-code-review","topic-codex-cli","topic-cursor","topic-developer-tools","topic-git-workflow","topic-multi-agent"],"categories":["dotclaude"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/JHostalek/dotclaude/pr-review","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add JHostalek/dotclaude","source_repo":"https://github.com/JHostalek/dotclaude","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (3,650 
chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:13:16.590Z","embedding":null,"createdAt":"2026-05-18T13:20:33.651Z","updatedAt":"2026-05-18T19:13:16.590Z","lastSeenAt":"2026-05-18T19:13:16.590Z","prices":[{"id":"8dd64b75-6209-464e-a098-0d48c83cc725","listingId":"c7c6b1d7-0562-4482-bb8b-7d60111e68bf","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"JHostalek","category":"dotclaude","install_from":"skills.sh"},"createdAt":"2026-05-18T13:20:33.651Z"}],"sources":[{"listingId":"c7c6b1d7-0562-4482-bb8b-7d60111e68bf","source":"github","sourceId":"JHostalek/dotclaude/pr-review","sourceUrl":"https://github.com/JHostalek/dotclaude/tree/main/skills/pr-review","isPrimary":false,"firstSeenAt":"2026-05-18T13:20:33.651Z","lastSeenAt":"2026-05-18T19:13:16.590Z"}],"details":{"listingId":"c7c6b1d7-0562-4482-bb8b-7d60111e68bf","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"JHostalek","slug":"pr-review","github":{"repo":"JHostalek/dotclaude","stars":8,"topics":["agent-skills","ai-coding","anthropic","claude","claude-code","claude-code-skills","code-review","codex-cli","cursor","developer-tools","git-workflow","multi-agent","prompt-engineering","skill-md"],"license":"cc0-1.0","html_url":"https://github.com/JHostalek/dotclaude","pushed_at":"2026-05-17T15:07:41Z","description":"Agent skills for agentic coding tools. Extremely opinionated. 
Updated (almost) daily.","skill_md_sha":"2c31385c5fafd3d5beca5f07648c8cf788c77685","skill_md_path":"skills/pr-review/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/JHostalek/dotclaude/tree/main/skills/pr-review"},"layout":"multi","source":"github","category":"dotclaude","frontmatter":{"name":"pr-review","description":"Use when reviewing a pull request, merge request, or local diff for correctness, security, and code quality."},"skills_sh_url":"https://skills.sh/JHostalek/dotclaude/pr-review"},"updatedAt":"2026-05-18T19:13:16.590Z"}}