How is the risk level determined?

Risk is derived from loaded risk patterns (references/risk-patterns.md) for the detected tech stack and change type; resulting level is Low, Medium, High, or Critical.

Where is the QA review saved?

Saved to qa-artifacts/pr-reviews/pr-review-YYYY-MM-DD- .md as described in the Save section.

pr-review

npx machina-cli add skill cyberwalk3r/qa-toolkit/pr-review --openclaw

Files (1)

SKILL.md

2.5 KB

PR Review Assistant

Generate a QA-focused review of a pull request. Read qa-artifacts/.qa-config.json for project context.

Input

Accept any of: PR URL, branch name, diff output, file list, or description of changes. Use $ARGUMENTS for the PR identifier.

Workflow

Analyze the changes — read the diff, modified files, and commit messages
Classify the change type: feature, bugfix, refactor, dependency update, config change, migration
Load risk patterns from references/risk-patterns.md based on detected tech stack
Generate the review

Output Structure

What Changed

1-3 sentence plain-English summary of what this PR does from a user's perspective.

Change Classification

Type: Feature / Bugfix / Refactor / Config / Migration / Dependency
Scope: Which areas of the application are affected
Risk Level: Low / Medium / High / Critical

Risk Flags

Flag any of these if detected:

🔴 Database/migration changes
🔴 Authentication or authorization changes
🔴 Payment or financial logic
🟡 API contract changes (request/response shape)
🟡 Missing or reduced test coverage
🟡 Hardcoded values (URLs, credentials, config)
🟡 Large file changes (>300 lines in a single file)
🟢 Error handling added/modified
🟢 New dependencies added

QA Checklist

Generate numbered, actionable items specific to THIS PR's changes. Not generic — every item should reference specific functionality from the diff.

Regression Areas

What existing functionality could break because of these changes?

Recommendation

Approve — changes look safe, standard testing sufficient
Needs Testing — specific areas need manual verification before merge
Request Changes — issues found that should be addressed

Save

Save to qa-artifacts/pr-reviews/pr-review-YYYY-MM-DD-<brief>.md

Adapting

For detailed risk patterns by tech stack, read references/risk-patterns.md. For detailed review criteria by change type, read references/review-criteria.md.

Suggested Next Steps

After generating the review, suggest based on results:

If Risk Level is Medium or higher: "Consider running /qa-toolkit:regression-planner to map the impact radius and plan targeted regression testing."
Always: "Generate test cases for the changed functionality with /qa-toolkit:test-cases."

Source

git clone https://github.com/cyberwalk3r/qa-toolkit/blob/main/skills/pr-review/SKILL.mdView on GitHub

Overview

PR Review Assistant analyzes a PR's changes (diffs, modified files, and commit messages) to produce a QA-centric review. It classifies the change type, loads risk patterns for the project tech stack, and outputs risk flags, a testing checklist, and regression notes to guide reviewers.

How This Skill Works

1) Analyze the PR input (URL, branch, diff, or file list) and summarize changes. 2) Classify the change type (Feature, Bugfix, Refactor, Config, Migration, Dependency) and affected scope. 3) Load risk patterns from references/risk-patterns.md based on the detected tech stack and generate the final QA review with actionable items.

When to Use It

Review a PR that adds a feature across modules.
Review a bugfix that touches core business logic or API contracts.
Review a refactor or dependency update that could impact behavior.
Review config changes or feature flag toggles affecting deployment.
Review large diffs (>300 lines in a single file) or migration changes.

Quick Start

Step 1: Provide PR identifier (URL, branch, diff, or file list) for analysis.
Step 2: Run PR Review Assistant to classify changes, load risk patterns, and generate a QA-focused review.
Step 3: Save the output to qa-artifacts/pr-reviews/pr-review-YYYY-MM-DD-<brief>.md and act on the suggested next steps.

Best Practices

Read qa-artifacts/.qa-config.json for project context before composing the review.
Analyze the diff and commit messages to understand intent.
Classify the change type and affected scope (Feature/Bugfix/Refactor/Config/Migration/Dependency).
Load risk patterns from references/risk-patterns.md using the detected tech stack.
Flag risks with the provided icons, then generate a targeted QA checklist referencing the actual changes.

Example Use Cases

Bugfix PR: Fix rounding error in invoice total; risk: financial logic; QA checklist targets edge cases and totals.
Feature PR: Add multi-tenancy support across services; risk: API contract changes; QA checklist covers tenant scoping and authorization.
Refactor PR: Move utilities to shared library; risk: breaking imports; QA: run full unit/integration tests.
Config PR: Introduce beta flag for a new endpoint; risk: config behavior across environments; QA: verify flag gating and default states.
Migration PR: DB schema migration for user_profiles; risk: data integrity; QA: verify migrations and rollback.

Frequently Asked Questions

Add this skill to your agents