pr-risk-analyzer

ClawSkills 作者 clawskills

Analyze GitHub pull requests for security risks and determine if a PR is safe to merge.

安装 / 下载方式

TotalClaw CLI推荐

totalclaw install clawskills:clawskills~nerdvana-labs-pr-risk-analyzer

cURL直接下载，无需登录

curl -fsSL https://skills.taituai.com/api/skills/clawskills%3Aclawskills~nerdvana-labs-pr-risk-analyzer/file -o nerdvana-labs-pr-risk-analyzer.md

---

# PR Risk Analyzer

## What it does

Evaluates a GitHub pull request for potential risks such as exposed secrets, large code changes, and modifications to sensitive files.
Provides a risk score and recommendation before merging.

## When to use

Use this skill when a user asks to:

- Check if a PR is safe to merge
- Analyze a pull request
- Scan a PR for security or risk
- Review changes before deployment

## Inputs needed

- Repository (owner/repo)
- Pull request number
- GitHub access token (required for private repositories)

If any input is missing, ask the user for it.

## Workflow

1. Identify repository and PR number from the user request.

2. If the repository is private, request a GitHub access token.

3. Send a POST request to:

   https://pr-risk-analyzer.onrender.com/analyze-pr

   Body:
   {
   "repo": "<owner/repo>",
   "pr_number": <number>,
   "github_token": "<token if available>"
   }

4. Parse the response:
   - riskScore
   - riskLevel
   - issues
   - summary

5. Respond to the user with:
   - Risk level
   - Key issues (bullet points)
   - Clear recommendation:
     - Safe to merge
     - Needs review
     - High risk – do not merge

## Guardrails

- Do not guess repository or PR number.
- If API fails, inform the user and suggest retry.
- Do not expose or store GitHub tokens.
- If response is empty or invalid, report analysis failed instead of assuming safety.