Skip to main content
Independent directory. Not affiliated with Anthropic. Disclaimer

PR Review Assistant

Development › Code Review

Comprehensive pull request review with code quality feedback, security vulnerability detection, performance notes, and actionable inline suggestion comments. Works with any language and outputs GitHub-compatible review format.

1,800+ installs
4.8 rating
By Official
MIT License
Code Review CI/CD Security Quality

What it does

PR Review Assistant reads your pull request diff end to end and produces a structured review covering four dimensions: correctness bugs, security vulnerabilities, performance concerns, and code style alignment with your existing patterns. For each issue found, it generates a comment that includes the file path, line reference, a clear description of the problem, and a concrete suggested fix — formatted to paste directly into a GitHub review or post via the API.

The security check covers common vulnerability classes including SQL injection risks, unvalidated user input flowing into shell commands, hardcoded credentials, exposed secrets in environment variable handling, unsafe deserialization, and insecure direct object references. The skill is language-agnostic and has been tested with TypeScript, Python, Go, Rust, Ruby, Java, and PHP codebases of varying sizes.

How to install

bash
npx skills add user/pr-review-assistant

After installation the skill is available immediately. No GitHub token configuration is required for local diff review — provide a token only if you want the skill to post comments directly to your repository via the GitHub API.

How to use

Point Claude at your current branch diff or paste in a diff file path:

prompt
Review my current branch diff against main for bugs and security issues

The output is a structured review with categorized findings:

output
## Security — HIGH
File: src/api/users.ts · Line 84
User ID from request params is passed directly to a raw SQL
query without parameterization. This is a SQL injection vector.

Suggested fix:
  db.query('SELECT * FROM users WHERE id = $1', [req.params.id])

## Style — LOW
File: src/utils/format.ts · Line 12
Function lacks a return type annotation; rest of codebase uses
explicit types. Add `: string` to match existing conventions.

Configuration

Control the review scope and output format with inline options:

prompt
# Security-only review
Review my diff, security issues only, severity HIGH and CRITICAL

# Exclude test files
Review my diff, skip test files, focus on src/

# GitHub-ready format
Review my diff and format output as GitHub review comments JSON

Tip: Run PR Review Assistant as a pre-merge step in your local workflow before pushing. Catching a SQL injection locally takes seconds; catching it post-merge takes days of incident response.

Related skills

Use Smart Git Commit to ensure your commit history is clean before opening a PR. Pair with Code Documentor to auto-document any new functions discovered during the review, and Test Generator to produce test cases for uncovered code paths the reviewer flagged.