What it does
PR Review Assistant extends Claude Code with the ability to perform structured, multi-dimensional code reviews on any diff or pull request. It outputs a formatted review report you can read locally or copy directly into a GitHub PR review — complete with inline comment suggestions pinned to specific lines.
The review engine analyses four dimensions simultaneously: security vulnerabilities, code quality issues, performance concerns, and style consistency. Each finding is ranked by severity so you can triage quickly.
How to install
npx plugins add pr-reviewer
Review types
- Security scan: SQL injection, XSS, unvalidated input, hardcoded secrets, insecure dependencies
- Code quality: complexity hotspots, duplicated logic, missing error handling, dead code
- Performance: N+1 queries, unnecessary re-renders, blocking synchronous calls, large bundle impact
- Style: naming conventions, function length, comment coverage, test absence
Example review
## PR Review: feat/user-auth — 3 files changed ### Summary Implements session-based authentication. Logic is sound but 2 security issues require attention before merge. ### Security issues (2) - [HIGH] src/auth/login.ts:47 — password compared without constant-time equality; vulnerable to timing attacks. Suggestion: use `crypto.timingSafeEqual()` instead. - [MED] src/middleware/session.ts:12 — session secret read from process.env without fallback guard. Will throw in CI. ### Code quality (2 suggestions) - src/auth/register.ts:93 — validateEmail() called 3×; hoist result to const. - Missing unit tests for refreshToken() edge cases. ### Performance notes No blocking issues detected.
GitHub integration tip: After generating the review, ask Claude to format the findings as GitHub suggestion blocks (```suggestion). You can then paste them directly into the GitHub PR review interface as inline comments.