When to Use
- You want automated first-pass code review on every PR
- You need consistent security review across your codebase
- You want to catch style and logic issues before human review
- You maintain multiple repos and want standardized review practices
Inputs
Git repo URL, PR number or diff, review depth (quick/standard/thorough).
Outputs
Review summary with risk rating, per-file comments, security findings, suggested fixes.
Tools Required
- Git CLI
- OpenAI/Claude
- GitHub API
- ESLint/ruff
- Semgrep
Skill Safety
Every 4M Labs skill is designed to be readable, auditable, and easy to modify before use. Treat skills like code: review them before running, check tool permissions, and keep secrets out of prompts.
SKILL.md
---
name: code-review-workflow
description: Gives an agent the ability to review pull requests and code diffs, identify bugs, security issues, and style violations, and generate structured, actionable review feedback.
inputs:
  - repo_url: Git repository URL
  - pr_number_or_diff: Pull request number or raw unified diff
  - review_depth: quick (5 min), standard (15 min), thorough (30 min)
  - language_rules: Optional per-language linting config and style guide
outputs:
  - review_summary: Overall assessment with risk rating (critical/high/medium/low)
  - file_reviews: Per-file review comments with line numbers
  - security_findings: Vulnerability classification and severity
  - style_violations: Style inconsistencies with auto-fix suggestions
  - suggested_fixes: Code snippets for critical issues
tools:
  - git_cli: Fetch diffs, branch info, commit history
  - openai_claude: Code analysis and review generation
  - github_api: PR metadata, status checks, comment posting
  - language_linters: ESLint (JS/TS), ruff (Python), clippy (Rust)
  - semgrep: Pattern-based security scanning
safety:
  - Never auto-approve or merge PRs without human confirmation
  - Flag committed or generated credentials, API keys, or secrets as blocking
  - Respect .gitignore and limit the review scope to the diff
  - Do not review vendored or generated code
  - Always include both positive feedback and issues
---

# Code Review Workflow Skill

Automate code review across pull requests: analyze diffs, check for bugs, security issues, and style violations, and generate structured review feedback.

## When to Use

- You want automated first-pass code review on every PR
- You need consistent security review across your codebase
- You want to catch style and logic issues before human review
- You maintain multiple repos and want standardized review practices

## How It Works

1. **Fetch**: Get the PR diff, commit messages, and changed-file list from GitHub/Git
2. **Analyze**: For each file, run linters and security scanners
3. **Review**: Use AI to analyze diffs for logic bugs, edge cases, and anti-patterns
4. **Categorize**: Classify findings as bug, security, style, performance, or suggestion
5. **Report**: Generate structured output grouped by severity and file

## Review Depth Levels

- **Quick (5 min)**: Focus on critical bugs, security issues, and obvious style problems.
- **Standard (15 min)**: Full logic review, edge case analysis, performance considerations, test coverage check.
- **Thorough (30 min)**: Everything in standard plus architecture feedback, dependency review, migration safety, and documentation suggestions.

## Example Prompt

"Review PR #42 in github.com/myorg/api-server. Use standard depth. The stack is TypeScript + Express + PostgreSQL. Flag any SQL injection risks, type safety issues, and missing error handling."

## Related

- Pattern: /patterns/evaluator-optimizer
- Recipe: /recipes/internal-ai-os
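The deterministic part of the five-step workflow (Fetch, Analyze, Categorize, Report, with the AI review step left out) as an added example that is not part of the skill or of 4M Labs' code: it parses a constructed unified diff, skips files matched by assumed vendored/generated path conventions (the "do not review vendored or generated code" rule), scans only the added lines against a few illustrative regex rules (an AWS access key ID, a GitHub token, SQL built by string concatenation, leftover TODO markers), marks committed secrets as blocking, and returns a report shaped like the review_summary, file_reviews and security_findings outputs above. The sample diff, the OUT_OF_SCOPE conventions and the RULES patterns are assumptions for illustration, not an exhaustive scanner.

```python
"""Deterministic first pass of the review workflow: parse a unified diff, skip
vendored/generated files, scan only the added lines, emit a structured report.
Added example for this page, not the 4M Labs skill's own code; the sample diff,
path conventions and detection patterns are illustrative assumptions."""
import json
import re
from collections import Counter

# Constructed sample PR diff (not from any real repository).
SAMPLE_DIFF = """\
diff --git a/src/db.py b/src/db.py
--- a/src/db.py
+++ b/src/db.py
@@ -10,1 +10,5 @@ def get_user(conn, user_id):
-    cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))
+    query = "SELECT * FROM users WHERE id = " + user_id
+    cur.execute(query)
+    # TODO handle missing user
+
+AWS_SECRET = "AKIAIOSFODNN7EXAMPLE"
diff --git a/vendor/lib.js b/vendor/lib.js
--- a/vendor/lib.js
+++ b/vendor/lib.js
@@ -0,0 +1 @@
+var token = "ghp_0123456789abcdefghijklmnopqrstuvwxyz";
"""

SEVERITY_ORDER = {"critical": 4, "high": 3, "medium": 2, "low": 1}
# Assumed vendored/generated path conventions (safety rule: do not review these).
OUT_OF_SCOPE = re.compile(r"^(vendor|node_modules|third_party|dist|build)/|\.(min\.js|lock|pb\.go)$")
RULES = [  # (pattern, category, severity, blocking, message): illustrative rules, not a scanner
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "security", "critical", True,
     "AWS access key ID committed"),
    (re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), "security", "critical", True,
     "GitHub personal access token committed"),
    (re.compile(r"(?i)[\"'][^\"']*\b(select|insert|update|delete)\b[^\"']*[\"']\s*(\+|%|\.format\()"),
     "security", "high", False, "SQL built by string concatenation; use bound parameters"),
    (re.compile(r"\b(TODO|FIXME|XXX)\b"), "suggestion", "low", False,
     "unresolved marker left in new code"),
]

def finding(path, line, category, severity, blocking, message):
    """category: bug|security|style|performance|suggestion; severity: critical..low."""
    return dict(path=path, line=line, category=category, severity=severity,
                blocking=blocking, message=message)

def parse_diff(diff_text):
    """Step 1 (Fetch, offline): {path: [(new_file_line_no, added_text), ...]}."""
    added, path, line_no, prev = {}, None, 0, ""
    for raw in diff_text.splitlines():
        if raw.startswith("+++ ") and prev.startswith("--- "):
            path = re.sub(r"^b/", "", raw[4:])  # new-file header; drop git's b/ prefix
            added.setdefault(path, [])
        elif raw.startswith("@@"):  # @@ -old[,n] +new[,n] @@ resets the new-file counter
            line_no = int(re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw).group(1))
        elif path and raw.startswith("+"):
            added[path].append((line_no, raw[1:]))
            line_no += 1
        elif path and raw[:1] in (" ", ""):
            line_no += 1  # unchanged context line also advances the new-file counter
        prev = raw
    return added

def scan_line(path, line_no, text):  # steps 2 and 4 (Analyze, Categorize) for one added line
    hits = []
    for pattern, category, severity, blocking, message in RULES:
        if pattern.search(text):
            hits.append(finding(path, line_no, category, severity, blocking, message))
            if category == "security":
                break  # one security finding per line is enough for a first pass
    return hits

def review(diff_text):
    """Step 5 (Report): output shaped like the skill's review_summary/file_reviews."""
    findings, skipped = [], []
    for path, lines in parse_diff(diff_text).items():
        if OUT_OF_SCOPE.search(path):
            skipped.append(path)  # not reviewed, but a human should still see the list
            continue
        for line_no, text in lines:
            findings.extend(scan_line(path, line_no, text))
    top = max((SEVERITY_ORDER[f["severity"]] for f in findings), default=1)
    file_reviews = {}
    for f in sorted(findings, key=lambda f: (f["path"], f["line"])):
        file_reviews.setdefault(f["path"], []).append(f)
    return {
        "review_summary": {
            "risk_rating": next(k for k, v in SEVERITY_ORDER.items() if v == top),
            "blocking": any(f["blocking"] for f in findings),  # a committed secret blocks the PR
            "counts": dict(Counter(f["category"] for f in findings)),
        },
        "file_reviews": file_reviews,
        "security_findings": [f for f in findings if f["category"] == "security"],
        "skipped_files": skipped,
    }

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE_DIFF), indent=2))
```

Run it directly to print the JSON report for the constructed diff: the concatenated SQL at src/db.py line 10 is rated high, the TODO at line 12 is a low suggestion, and the AWS key at line 14 is critical and blocking, so the overall risk rating is critical. Two points matter in a real deployment. The vendored file is skipped under the scope rule even though it contains a token, so the report lists skipped paths instead of dropping them silently, leaving the human reviewer to decide. And regex rules like these are the blocking pre-check that runs before any model-generated review is posted, not a substitute for Semgrep or a dedicated secret scanner.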
Want the code review workflow running in your business?
4M Labs can deploy the code review workflow as a production workflow:
- Connected to your tools and data sources
- Secured for your team with proper access controls
- Deployed with monitoring and error handling
- Documented for handoff and future maintenance