Skip to main content
Community resource — not affiliated with Anthropic. Learn more

PR Review Assistant

Claude Code Plugin · Git & Version Control

Comprehensive pull request reviews with code quality analysis, security vulnerability scanning, performance suggestions, and inline comment generation ready to paste into GitHub.

4.8 rating 7,400+ installs Free · Open source
Official Code Review Security GitHub

Install Plugin

npx plugins add pr-reviewer
Install Plugin →

Free · Open source · MIT license

7.4kInstalls
4.8Rating

What it does

PR Review Assistant extends Claude Code with the ability to perform structured, multi-dimensional code reviews on any diff or pull request. It outputs a formatted review report you can read locally or copy directly into a GitHub PR review — complete with inline comment suggestions pinned to specific lines.

The review engine analyses four dimensions simultaneously: security vulnerabilities, code quality issues, performance concerns, and style consistency. Each finding is ranked by severity so you can triage quickly.

How to install

terminal
npx plugins add pr-reviewer

Review types

  • Security scan: SQL injection, XSS, unvalidated input, hardcoded secrets, insecure dependencies
  • Code quality: complexity hotspots, duplicated logic, missing error handling, dead code
  • Performance: N+1 queries, unnecessary re-renders, blocking synchronous calls, large bundle impact
  • Style: naming conventions, function length, comment coverage, test absence

Example review

plugin output — structured review
## PR Review: feat/user-auth — 3 files changed

### Summary
Implements session-based authentication. Logic is sound but
2 security issues require attention before merge.

### Security issues (2)
- [HIGH] src/auth/login.ts:47 — password compared without
  constant-time equality; vulnerable to timing attacks.
  Suggestion: use `crypto.timingSafeEqual()` instead.
- [MED] src/middleware/session.ts:12 — session secret read
  from process.env without fallback guard. Will throw in CI.

### Code quality (2 suggestions)
- src/auth/register.ts:93 — validateEmail() called 3×;
  hoist result to const.
- Missing unit tests for refreshToken() edge cases.

### Performance notes
No blocking issues detected.

GitHub integration tip: After generating the review, ask Claude to format the findings as GitHub suggestion blocks (```suggestion). You can then paste them directly into the GitHub PR review interface as inline comments.