Use when user mentions reviewing PRs, provides GitHub PR URLs/numbers, or discusses code review. Provides structured analysis of code quality, backward compatibility, security issues, test coverage, and unaddressed comments with categorized findings (Critical/High/Medium/Low). Creates isolated git worktree for safe review, ensures comprehensive security analysis, and generates actionable recommendations. Invoke before analyzing any pull request changes.
Analyzes GitHub pull requests using an isolated git worktree for safe review. Automatically creates a temporary workspace when you provide a PR URL or number, then launches a fresh session to examine code quality, security, testing, and compatibility issues with structured findings.
/plugin marketplace add bbrowning/bbrowning-claude-marketplace/plugin install bbrowning-claude@bbrowning-marketplaceThis skill is limited to using the following tools:
reference/review-checklist.mdreference/severity-guide.mdtemplates/review-report.mdThis skill guides comprehensive PR reviews using the GitHub CLI and local code analysis.
When this skill is invoked:
If user is already in a PR worktree (mentions "already in worktree", "skip to step 3", or "skip worktree setup"):
If user provides a PR reference (URL, org/repo#number, etc.) and is NOT in a worktree:
Supported PR reference formats:
<github_org>/<github_repo>/pull/<pull_request_number><github_org>/<github_repo>#<pull_request_number>Note: For setting up worktrees, you can also use the /pr-review slash command which handles the setup workflow and provides handoff instructions.
Determine the repository location:
First, check if the repository exists locally on this machine:
Create a new worktree with the PR checked out:
# Navigate to the repository (if not already there)
cd /path/to/<repo>
# Create worktree and check out the PR
# Use format: <repo_name>-pr-<pr_number> for the branch and directory
git worktree add ../<repo_name>-pr-<pr_number> -b <repo_name>-pr-<pr_number>
cd ../<repo_name>-pr-<pr_number>
gh pr checkout <pr_number>
Example for vLLM project PR #12345 where vllm is at /Users/alice/repos/vllm:
cd /Users/alice/repos/vllm
git worktree add ../vllm-pr-12345 -b vllm-pr-12345
cd ../vllm-pr-12345
gh pr checkout 12345
Share .claude configuration across worktrees:
After creating the worktree, set up .claude/ configuration sharing if needed:
cd ../<repo_name>-pr-<pr_number>
# Check if .claude already exists (from git or previous setup)
if [ ! -e .claude ]; then
# Get main worktree path
MAIN_WORKTREE=$(git worktree list --porcelain | awk '/^worktree/ {print $2; exit}')
# If .claude exists in main worktree, create symlink
if [ -d "$MAIN_WORKTREE/.claude" ]; then
ln -s "$MAIN_WORKTREE/.claude" .claude
echo "Created .claude symlink to share configuration"
fi
fi
Why symlink .claude?
.claude/ is committed to git, it's already available; if not, the symlink shares itCRITICAL SAFETY: Never run code from the PR. It may contain untrusted code. Only read and analyze files.
After creating the worktree, STOP HERE. Do NOT continue to step 3 in this session.
CRITICAL HANDOFF POINT: You must provide the user with instructions to launch a NEW Claude Code session in the worktree. The review MUST happen in a fresh session in the worktree directory, NOT in the current session.
Why this matters:
IMPORTANT: Include ALL relevant skills that were loaded in the current session in the handoff prompt. This ensures the new Claude Code session has the full context needed for the review.
Before providing handoff instructions, identify which skills were loaded for this review:
Example: For a llama-stack PR, both pr-review and llama-stack skills would be relevant.
IMPORTANT: Only provide the plain text prompt below. Do NOT invent or reference non-existent slash commands (like /continue-pr-review). The only real slash command is /bbrowning-claude:pr-review which was already used to set up the worktree.
I've created a git worktree for PR #<pr_number> (<github_org>/<github_repo>) at: <worktree_path>
To continue the review in an isolated environment:
1. Open a new terminal
2. Navigate to the worktree: cd <worktree_path>
3. Launch Claude Code: claude
4. In the new Claude Code session, provide this prompt:
> Review PR #<pr_number> for <github_org>/<github_repo>. I'm already in a git worktree with the PR checked out. Use [list ALL relevant skills: pr-review, <repo-specific>, <domain-specific>] and skip directly to step 3 (Gather PR Context) since the worktree is already set up.
This ensures we're reviewing the correct code in isolation with all necessary context.
Why this matters:
⚠️ STOP: The steps below (3-9) are ONLY performed in the NEW Claude Code session within the worktree.
If you just created a worktree in step 1-2, DO NOT proceed to step 3. Provide handoff instructions and wait for the user to start a new session.
If you're in a fresh session and the user says "already in worktree" or "skip to step 3", then proceed with step 3.
IMPORTANT: Remember to clean up the worktree after completing the review (see section 9 below).
Fetch PR details:
gh pr view <pr_number> --json title,body,commits,comments,reviews,files
Extract and note:
Identify unaddressed comments: Look for review comments that:
Flag these prominently in your review.
Get the diff:
gh pr diff <pr_number> > pr_changes.diff
For large PRs (>500 lines changed), break the review into logical sections (e.g., by file, by functionality).
Reference the local pr_changes.diff as you need to find changes in the PR over repeated calls to gh pr diff. And remember that you are already in a directory that has the PR cloned and checked out, so you can also look at local files.
Review each changed file systematically:
Use Read, Grep, and Glob tools to examine:
Apply review checklist:
For comprehensive criteria, see reference/review-checklist.md. Key areas:
Code Quality
Correctness
Testing
Security
pull_request_target + checkout of untrusted code pattern in workflowsauth-security skill for comprehensive security guidance on JWT validation, token exchange, OAuth 2.1 compliance, and MCP authorization patternsPerformance
Backward Compatibility
Documentation
Check alignment with PR description:
Verify comments match code:
Assess scope creep:
Use the severity guide in reference/severity-guide.md to categorize each finding:
Be specific about:
Write findings to ./pr_review_results.md using the template in templates/review-report.md.
Report structure:
Key principles:
After writing ./pr_review_results.md, present:
Ask if the user wants:
After completing the PR review, return to the original terminal session where you created the worktree and clean up:
Clean up the worktree and branch:
# Return to the main repository (if not already there)
cd /path/to/<repo>
# Remove the worktree (--force handles modified/untracked files)
git worktree remove --force <repo_name>-pr-<pr_number>
# Delete the local branch
git branch -D <repo_name>-pr-<pr_number>
Example for vLLM PR #12345:
cd ~/src/vllm
git worktree remove --force vllm-pr-12345
git branch -D vllm-pr-12345
This will:
Alternative approach with verification step:
# Navigate to the main repository
cd /path/to/<repo>
# List worktrees to verify the one to remove
git worktree list
# Remove the worktree (--force handles modified/untracked files)
git worktree remove --force <repo_name>-pr-<pr_number>
# Delete the local branch
git branch -D <repo_name>-pr-<pr_number>
Why cleanup matters:
Safety note: The worktree removal is safe because:
IMPORTANT: After gathering PR context and determining which repository is being reviewed, check for repository-specific skills that provide specialized review guidance.
llamastack/llama-stack, vllm-project/vllm)1. Gather PR context → Determine repository is "llamastack/llama-stack"
2. Check for skills → Find "Reviewing Llama Stack Code" skill
3. Invoke skill → Use Skill tool with "bbrowning-claude:llama-stack"
4. Apply guidance → Use Llama Stack-specific patterns in review
If no specialized skill is found:
Before completing the review, ensure:
./pr_review_results.mdThis skill is designed to be customized:
reference/review-checklist.mdreference/severity-guide.mdtemplates/review-report.mdllama-stack, vllm) rather than modifying this skillauth-security skillFor repositories you frequently review, create dedicated skills:
skill-builder skill for guidance on creating skillsThe goal is a thorough, actionable review that helps maintain code quality while being respectful and constructive.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.