by 下载技能包
最后更新
2026/4/21
安全扫描
OpenClaw
可疑
medium confidenceThe skill's stated purpose (automated PR review pipeline) is plausible and mostly coherent, but the runtime instructions expect external tooling/permissions (gh CLI, Git repo access, and an output channel like Feishu) that are not declared as requirements—this mismatch and the fact it will read repo code, create GitHub issues, and write local learning logs merit caution.
评估建议
Before installing or enabling PR Doctor, check the following: (1) It expects the 'gh' CLI and an authenticated GitHub session—ensure you understand which account will be used (read vs write permissions). (2) The skill will read PR diffs and repository files and may create GitHub Issues automatically—sensitive code or secrets could be captured in issue bodies or local logs. Consider disabling automatic issue creation (or require confirmation) and run the skill on non-sensitive repositories first....详细分析 ▾
ℹ 用途与能力
The name/description and the workflow (code review → test analysis → create issues → log learnings) match each other and the included workflow.json. Delegating to specialized skills (code-review-skill, testing-patterns, github-issues-skill, self-improvement) is coherent for the stated goal.
⚠ 指令范围
SKILL.md explicitly instructs using 'gh pr diff' and reading PR diffs, creating issues, and writing a .learnings/ directory. That means the agent will read repository code (potentially the whole repo depending on how diffs are gathered), create external GitHub Issues (which may expose findings publicly), and write files locally—actions that go beyond simple summarization. These behaviors are coherent with purpose but are impactful and should be consented to; the SKILL.md also assumes gh is available and authenticated, which is not declared elsewhere.
✓ 安装机制
This is an instruction-only skill with no install spec or code to write to disk. That reduces installation risk. There is no download/execute step defined in the package itself.
⚠ 凭证需求
The metadata lists no required env vars or binaries, but the instructions and workflow.json require 'gh' CLI authentication (gh auth login) and Git repo access. workflow.json also lists 'feishu' as an output channel, which would require credentials/integration that are not declared. The skill thus implicitly relies on credentials and tools not declared up front—this mismatch can lead to accidental use of existing authorized credentials or unexpected external posting.
ℹ 持久化与权限
always:false (normal). The skill writes local logs into '.learnings/' (self-improvement step)—that is moderate persistence limited to its own files but could capture sensitive code snippets. It does not request to modify other skills or global configuration.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/21
- 首次发布:pr-doctor 1.0.0 倾力推出,打造全流程自动化 PR 质量保障流水线 - 实现自动代码审查、测试覆盖分析、问题自动追踪与持续改进 - 支持多种触发词,快速启动审查流程,输出综合审查报告与质量评分 - 自动创建 GitHub Issue,分级汇报并关联原始 PR - 持续记录学习点,助力流程智能进化 - 一键体验高效、安全的 PR 检查与反馈
● 无害
安装命令
点击复制官方npx clawhub@latest install pr-doctor
镜像加速npx clawhub@latest install pr-doctor --registry https://cn.longxiaskill.com