PR Reviewer
Alert level: High
GitHub pull-request review automation with diff analysis, lint checks, and optional review posting.
Locality: Hybrid
Data access: Sensitive
Actions: Write
Installs: 10
Downloads: 1688
Stars: 0
Updated: 11h ago
Why this rating
Deterministic checks triggered by the tool capabilities and evidence.
- Locality: Hybrid
Local review scripts depend on authenticated GitHub API/CLI access.
- Data access: Sensitive
PR diffs often contain proprietary code and security-relevant changes.
- Action surface: Write
Posting review outputs/comments updates external repository state.
Best practices
Follow these steps to reduce risk when using this skill.
- Use least-privilege GitHub tokens and repo-scoped access.
- Never post raw secret findings publicly; use secure disclosure channels.
- Gate auto-posting behind branch protections or reviewer approval rules.
Evidence links
Public sources backing the indicator assignments.
Max-risk rule
If any capability reaches a higher level, the entire indicator level bumps up to keep ratings deterministic and easy to scan.