aliou/review-contributor-pr
.pi/skills/review-contributor-pr/SKILL.md
Review and manage pull requests from external contributors. Use when checking out, reviewing, editing, or merging a PR from a fork.
$ install --global
skillsauthnpx skillsauth add aliou/pi-extensions review-contributor-prInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 6:05 PM67.2s1 file scanned
SKILL.md
- name:
- review-contributor-pr
- description:
- Review and manage pull requests from external contributors. Use when checking out, reviewing, editing, or merging a PR from a fork.
Review Contributor PR
Checkout
Contributors submit PRs from their forks. To push changes back (commit message fixes, minor tweaks), add their fork as a remote:
# Extract fork owner from PR (visible in gh pr view or the PR URL)
git remote add <owner> [email protected]:<owner>/pi-harness.git
git fetch <owner>
git checkout <owner>/<branch> -b <branch>
This works when the contributor has "Allow edits from maintainers" enabled (GitHub default).
To push amended commits back:
git push <owner> <local-branch>:<remote-branch> --force-with-lease
Review Checklist
1. Relevance and Conflicts
- Verify the PR targets
mainand is rebased on currentmain(no merge conflicts). - Confirm the fix/feature is still relevant (hasn't been addressed already).
2. Code Correctness
- Read the changed files and verify the code does what the PR description claims.
- Check for edge cases, error handling, and unintended side effects.
- Look for any security concerns.
3. Commit Format
This repo uses conventional commits with scopes. Every commit must match:
<type>(<scope>): <description>
Common types: feat, fix, chore, perf, refactor, docs, test.
Scopes match directory names: scout, lookout, breadcrumbs, subagents, defaults, qq, palette, etc.
If commits don't follow this format, amend them (keep original author, set yourself as committer).
4. CI Checks
Run locally before merging:
pnpm typecheck
pnpm lint
pnpm test
All checks must pass.
5. Merge
Prefer fast-forward merge to keep linear history:
git checkout main
git merge <branch> --ff-only
git push origin main
If fast-forward fails, rebase the branch on main first.
After merge, clean up the local branch:
git branch -d <branch>
Related Skills
aliou/create-specialized-subagent
tools
VerifiedTrustedCommunity
Create specialized subagents within the subagents extension. Use when asked to create a new subagent like scout, librarian, oracle, etc.
73SKILL.mdUpdated Apr 3, 2026
steipete/skill-creator
testing
VerifiedTrustedCommunity
Create, edit, improve, or audit AgentSkills. Use when creating a new skill from scratch or when asked to improve, review, audit, tidy up, or clean up an existing skill or SKILL.md file. Also use when editing or restructuring a skill directory (moving files to references/ or scripts/, removing stale content, validating against the AgentSkills spec). Triggers on phrases like "create a skill", "author a skill", "tidy up a skill", "improve this skill", "review the skill", "clean up the skill", "audit the skill".
356,423SKILL.mdUpdated Apr 13, 2026
steipete/healthcheck
testing
VerifiedTrustedCommunity
Host security hardening and risk-tolerance configuration for OpenClaw deployments. Use when a user asks for security audits, firewall/SSH/update hardening, risk posture, exposure review, OpenClaw cron scheduling for periodic checks, or version status checks on a machine running OpenClaw (laptop, workstation, Pi, VPS).
356,423SKILL.mdUpdated Apr 13, 2026
openclaw/skill-creator
testing
VerifiedTrustedCommunity
Create, edit, improve, or audit AgentSkills. Use when creating a new skill from scratch or when asked to improve, review, audit, tidy up, or clean up an existing skill or SKILL.md file. Also use when editing or restructuring a skill directory (moving files to references/ or scripts/, removing stale content, validating against the AgentSkills spec). Triggers on phrases like "create a skill", "author a skill", "tidy up a skill", "improve this skill", "review the skill", "clean up the skill", "audit the skill".
353,662SKILL.mdUpdated Apr 10, 2026