NativeAIHub

Review PR Skill

A structured pull request review process that reads all changed files, analyzes for bugs, security, performance, and style, then delivers feedback with severity ratings. Triggered with /review-pr.

Skill · /review-pr · 3 sections · 1 min read
Tags: coding, devops
Install Prompt

Paste this into Claude Code to set it up:

I want to add the /review-pr skill to my Claude Code setup.

Create the directory ~/.claude/skills/review-pr/ and inside it create SKILL.md with the PR review workflow.

The skill should:
- Fetch PR details and diff from GitHub
- Analyze code changes for bugs, security issues, and style
- Provide structured feedback with line references
- Suggest improvements and flag concerns

After creating the file, the skill is immediately available via /review-pr.

01 What It Does

Thorough reviews in a single command

Type /review-pr 123 and Claude fetches the pull request, reads every changed file in full (not just the diff), analyzes the code across five dimensions, and delivers a structured review. It can also post the review back to GitHub if you want it to.

1. Fetch the PR

Gets PR details, diff, and metadata using gh CLI or GitHub MCP. Works with PR numbers or the current branch's PR.

2. Read all changed files

Reads the full current version of every modified file, not just the diff. Understands changes in context of the surrounding code.

3. Analyze across five dimensions

Checks for bugs, security vulnerabilities, performance issues, code quality, and test coverage. Each finding gets a severity rating.

4. Deliver structured feedback

Organized by severity: Critical (must fix), Warning (should fix), Suggestion (nice to have). Includes specific code fixes and acknowledges good patterns.

5. Post to GitHub (optional)

If requested, posts the review as a PR comment, request for changes, or approval directly to GitHub.

02 What It Checks

- Bugs: Logic errors, null access, race conditions, missing error handling, type safety gaps, broken edge cases.
- Security: SQL injection, XSS, CSRF, hardcoded secrets, missing validation, auth gaps, exposed sensitive data.
- Performance: N+1 queries, missing pagination, unbounded loops, memory leaks, unnecessary re-renders, large bundle additions.
- Code Quality: Naming clarity, function length, code duplication, dead code, missing comments, inconsistent patterns.
- Test Coverage: Are new features tested? Edge cases covered? Error paths exercised? Assertions meaningful, not just "it runs"?

03 Review Principles

Be specific. Reference exact files and lines. Include code snippets for suggested fixes.
Explain the why. Don't just say "change this." Explain the risk or benefit so the author learns.
Suggest, don't demand. Use "consider" for style preferences. Reserve strong language for real bugs.
Acknowledge good work. A review that only lists problems is incomplete. Good code deserves recognition.
Stay in scope. Review what changed. Existing issues in unchanged code are separate tasks.
One pass, complete feedback. Avoid drip feeding comments across multiple review rounds.