Auto-GPT pr-review

Review a PR for correctness, security, code quality, and testing issues. TRIGGER when user asks to review a PR, check PR quality, or give feedback on a PR.

install
source · Clone the upstream repo
git clone https://github.com/Significant-Gravitas/AutoGPT
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/Significant-Gravitas/AutoGPT "$T" && mkdir -p ~/.claude/skills && cp -r "$T/.claude/skills/pr-review" ~/.claude/skills/significant-gravitas-auto-gpt-pr-review && rm -rf "$T"
manifest: .claude/skills/pr-review/SKILL.md
source content

PR Review

Find the PR

gh pr list --head $(git branch --show-current) --repo Significant-Gravitas/AutoGPT
gh pr view {N}

Read the PR description

Before reading code, understand the why, what, and how from the PR description:

gh pr view {N} --json body --jq '.body'

Every PR should have a Why / What / How structure. If any of these are missing, note it as feedback.

Read the diff

gh pr diff {N}

Fetch existing review comments

Before posting anything, fetch existing inline comments to avoid duplicates:

gh api repos/Significant-Gravitas/AutoGPT/pulls/{N}/comments --paginate
gh api repos/Significant-Gravitas/AutoGPT/pulls/{N}/reviews

What to check

Description quality: Does the PR description cover Why (motivation/problem), What (summary of changes), and How (approach/implementation details)? If any are missing, request them — you can't judge the approach without understanding the problem and intent.

Correctness: logic errors, off-by-one, missing edge cases, race conditions (TOCTOU in file access, credit charging), error handling gaps, async correctness (missing await, unclosed resources).

Security: input validation at boundaries, no injection (command, XSS, SQL), secrets not logged, file paths sanitized (os.path.basename() in error messages).

Code quality: apply rules from backend/frontend CLAUDE.md files.

Architecture: DRY, single responsibility, modular functions. Security() vs Depends() for FastAPI auth. data: for SSE events, : comment for heartbeats. transaction=True for Redis pipelines.
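The SSE convention in the Architecture item, shown as an added example that is not the AutoGPT code base's own: application events go out as data: lines (with an optional event: name), heartbeats go out as : comment lines, and a minimal client-side parser shows why the distinction matters. A heartbeat sent as a data: line is dispatched to the client as a real message; a comment line keeps the connection alive but is dropped by the parser. The stream below is constructed for the example.

```python
from typing import List, Optional, Tuple


def sse_event(data: str, event: Optional[str] = None) -> str:
    """Frame an application event: optional `event:` line, one `data:` line
    per line of payload, terminated by the blank line that dispatches it."""
    lines = []
    if event:
        lines.append(f"event: {event}")
    lines.extend(f"data: {part}" for part in data.split("\n"))
    return "\n".join(lines) + "\n\n"


def sse_heartbeat(note: str = "keepalive") -> str:
    """A comment line keeps idle proxies from closing the connection but is
    invisible to EventSource handlers. Sending `data: ping` instead would
    wake every onmessage listener with a bogus event."""
    return f": {note}\n\n"


def parse_sse(stream: str) -> List[Tuple[Optional[str], str]]:
    """Minimal parser following the event-stream dispatch rules:
    `:`-prefixed lines are ignored, a blank line dispatches only when the
    data buffer is non-empty, and multiple data lines join with '\\n'."""
    out: List[Tuple[Optional[str], str]] = []
    event, data = None, []
    for line in stream.split("\n"):
        if line == "":
            if data:
                out.append((event, "\n".join(data)))
            event, data = None, []
            continue
        if line.startswith(":"):
            continue  # comment / heartbeat: never surfaces as an event
        field, _, value = line.partition(":")
        if value.startswith(" "):
            value = value[1:]  # a single leading space is stripped per spec
        if field == "data":
            data.append(value)
        elif field == "event":
            event = value
    return out


# Constructed stream: heartbeat, event, heartbeat, multi-line event.
GOOD_STREAM = (
    sse_heartbeat()
    + sse_event('{"status":"running"}', event="update")
    + sse_heartbeat()
    + sse_event("line1\nline2")
)

# The anti-pattern the checklist warns against: heartbeat as a data: line.
BAD_HEARTBEAT = "data: ping\n\n"

if __name__ == "__main__":
    print(parse_sse(GOOD_STREAM))   # heartbeats absent
    print(parse_sse(BAD_HEARTBEAT))  # the "heartbeat" arrives as a message
```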

Testing: edge cases covered, colocated *_test.py (backend) / __tests__/ (frontend), mocks target where the symbol is used, not where it is defined, AsyncMock for async.

Output format

Every comment must be prefixed with 🤖 and a criticality badge:

| Tier | Badge | Meaning |
| --- | --- | --- |
| Blocker | 🔴 **Blocker** | Must fix before merge |
| Should Fix | 🟠 **Should Fix** | Important improvement |
| Nice to Have | 🟡 **Nice to Have** | Minor suggestion |
| Nit | 🔵 **Nit** | Style / wording |

Example:

🤖 🔴 **Blocker**: Missing error handling for X — suggest wrapping in try/except.

Post inline comments

For each finding, post an inline comment on the PR (do not just write a local report):

# Get the latest commit SHA for the PR
COMMIT_SHA=$(gh api repos/Significant-Gravitas/AutoGPT/pulls/{N} --jq '.head.sha')

# Post an inline comment on a specific file/line
gh api repos/Significant-Gravitas/AutoGPT/pulls/{N}/comments \
  -f body="🤖 🔴 **Blocker**: <description>" \
  -f commit_id="$COMMIT_SHA" \
  -f path="<file path>" \
  -F line=<line number>
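The fetch-existing-comments and post-inline-comments steps, worked through as an added example that is not the skill's own code: it parses the output of the gh api ... --paginate call, skips any finding whose 🤖 comment is already on the PR at the same path and line, enforces the badge prefix from the output-format table, and builds the same gh api call as an argv list. The REPO constant matches the skill; the PR number 123, the commit SHA and the comment JSON are constructed for the example, and nothing is sent unless dry_run=False.

```python
import json
import subprocess
from dataclasses import dataclass
from typing import List, Set, Tuple

REPO = "Significant-Gravitas/AutoGPT"

# Badges from the skill's output format table.
BADGES = {
    "blocker": "🔴 **Blocker**",
    "should_fix": "🟠 **Should Fix**",
    "nice_to_have": "🟡 **Nice to Have**",
    "nit": "🔵 **Nit**",
}


@dataclass(frozen=True)
class Finding:
    tier: str   # key in BADGES
    path: str   # file path as it appears in the PR diff
    line: int   # line number on the new side of the diff
    text: str


def format_body(finding: Finding) -> str:
    """Render the comment body in the required 🤖 + badge form."""
    if finding.tier not in BADGES:
        raise ValueError(f"unknown tier {finding.tier!r}; use one of {sorted(BADGES)}")
    return f"🤖 {BADGES[finding.tier]}: {finding.text}"


def parse_gh_paginate(text: str) -> list:
    """Parse `gh api ... --paginate` output.

    Without --slurp, gh prints one JSON array per page back to back, so a
    single json.loads() fails after the first page; raw_decode walks them all.
    """
    decoder = json.JSONDecoder()
    items, pos = [], 0
    while True:
        while pos < len(text) and text[pos].isspace():
            pos += 1
        if pos >= len(text):
            return items
        page, pos = decoder.raw_decode(text, pos)
        items.extend(page)


def existing_bot_comments(comments_text: str) -> Set[Tuple[str, int, str]]:
    """(path, line, body) for every 🤖 review comment already on the PR."""
    seen = set()
    for c in parse_gh_paginate(comments_text):
        body = c.get("body", "")
        if not body.startswith("🤖"):
            continue  # human comments are never duplicates of ours
        # `line` is null once the commented range is outdated; fall back.
        line = c.get("line") or c.get("original_line")
        seen.add((c.get("path"), line, body))
    return seen


def plan_comments(findings: List[Finding], comments_text: str):
    """Split findings into (to_post, already_posted)."""
    seen = existing_bot_comments(comments_text)
    to_post, dup = [], []
    for f in findings:
        key = (f.path, f.line, format_body(f))
        (dup if key in seen else to_post).append(f)
    return to_post, dup


def gh_comment_argv(pr_number: int, commit_sha: str, finding: Finding) -> List[str]:
    """argv for the gh api call above; -F sends line as an integer field."""
    return [
        "gh", "api", f"repos/{REPO}/pulls/{pr_number}/comments",
        "-f", f"body={format_body(finding)}",
        "-f", f"commit_id={commit_sha}",
        "-f", f"path={finding.path}",
        "-F", f"line={finding.line}",
    ]


def post_findings(pr_number, commit_sha, findings, comments_text, dry_run=True):
    """Post each finding not already on the PR; with dry_run, only return argvs."""
    to_post, _ = plan_comments(findings, comments_text)
    cmds = [gh_comment_argv(pr_number, commit_sha, f) for f in to_post]
    if not dry_run:
        for cmd in cmds:
            subprocess.run(cmd, check=True)  # argv list: no shell quoting of bodies
    return cmds


# Constructed sample: two pages of one comment each, as --paginate prints them.
SAMPLE_COMMENTS = (
    '[{"path":"backend/api.py","line":42,"original_line":42,'
    '"body":"🤖 🔴 **Blocker**: Missing error handling for X"}]'
    '[{"path":"backend/api.py","line":10,"original_line":10,'
    '"body":"Looks good to me"}]'
)

SAMPLE_FINDINGS = [
    Finding("blocker", "backend/api.py", 42, "Missing error handling for X"),
    Finding("nit", "backend/api.py", 10, "Prefer an f-string here"),
]

if __name__ == "__main__":
    # Hypothetical PR 123 and SHA; only the nit is new, so one command results.
    for cmd in post_findings(123, "0" * 40, SAMPLE_FINDINGS, SAMPLE_COMMENTS):
        print(cmd)
```

Re-run the fetch immediately before posting rather than reusing an earlier snapshot, since another reviewer or a previous run may have posted in between.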