ojongerius/copilot-pr-review
claude/skills/copilot-pr-review/SKILL.md
Request a GitHub Copilot code review on the current branch's pull request, wait for Copilot to post the review, then report the issues it found and offer to fix them. Use this skill whenever the user wants a Copilot review of their PR — phrases like "get a copilot review", "have copilot review this", "ask copilot to look at the PR", "request copilot review", "run copilot on this branch", or anything else that implies they want Copilot's automated feedback on an open PR. Trigger even if the user doesn't say the word "skill".
$ install --global
skillsauthnpx skillsauth add ojongerius/dotfiles copilot-pr-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:34 PM0.4s1 file scanned
SKILL.md
- name:
- copilot-pr-review
- description:
- Request a GitHub Copilot code review on the current branch's pull request, wait for Copilot to post the review, then report the issues it found and offer to fix them. Use this skill whenever the user wants a Copilot review of their PR — phrases like "get a copilot review", "have copilot review this", "ask copilot to look at the PR", "request copilot review", "run copilot on this branch", or anything else that implies they want Copilot's automated feedback on an open PR. Trigger even if the user doesn't say the word "skill".
Copilot PR Review
Request a Copilot review on the current branch's PR, wait for it to land, then surface what Copilot flagged and offer to fix it.
Flow
- Identify the PR for the current branch.
- Record a baseline so you can tell when the new review arrives.
- Request the Copilot review.
- Wait 2 minutes (reviews essentially never finish faster — polling earlier just wastes API calls and adds noise).
- Poll every 15 seconds for up to 3 more minutes (5 minutes total).
- Fetch the review, summary + inline comments, and report.
- Offer to fix the issues.
Step 1 — Identify the PR
PR_NUMBER=$(gh pr view --json number --jq .number)
REPO=$(gh repo view --json nameWithOwner --jq .nameWithOwner)
If gh pr view fails (no open PR for the branch), stop and tell the user — they need to open a PR first. Don't try to guess which PR they meant.
Step 2 — Capture the baseline
Copilot may have reviewed this PR before. Record the most recent Copilot review timestamp so later you can recognise the new one:
BASELINE=$(gh api "repos/$REPO/pulls/$PR_NUMBER/reviews" \
--jq '[.[] | select(.user.login == "Copilot" or .user.login == "copilot-pull-request-reviewer[bot]")] | max_by(.submitted_at) | .submitted_at // ""')
The bot login has shown up as both Copilot and copilot-pull-request-reviewer[bot] in different contexts — match either. BASELINE will be empty if Copilot has never reviewed this PR.
Step 3 — Request the review
Use the mcp__github-audited__request_copilot_review tool with the PR's owner, repo, and number. That dispatches the review asynchronously — it returns immediately.
Step 4 — Initial wait
sleep 120
Two minutes. This isn't arbitrary — Copilot reviews basically never land in under a minute, and polling immediately clutters the transcript and burns API budget for no reason.
Step 5 — Poll
END=$(( $(date +%s) + 180 ))
FOUND=""
while [ $(date +%s) -lt $END ]; do
LATEST=$(gh api "repos/$REPO/pulls/$PR_NUMBER/reviews" \
--jq '[.[] | select(.user.login == "Copilot" or .user.login == "copilot-pull-request-reviewer[bot]")] | max_by(.submitted_at)')
LATEST_TS=$(echo "$LATEST" | jq -r '.submitted_at // ""')
if [ -n "$LATEST_TS" ] && [ "$LATEST_TS" != "$BASELINE" ]; then
FOUND="$LATEST"
break
fi
sleep 15
done
If the loop exits without finding a new review, tell the user it timed out after 5 minutes and suggest re-running the skill shortly. Don't spin forever — Copilot can silently no-op (e.g. on draft PRs or huge diffs) and you don't want to trap the user.
Step 6 — Fetch and report
From the review found above, extract the id and body (Copilot's top-level summary). Then pull the inline comments for that review:
REVIEW_ID=$(echo "$FOUND" | jq -r .id)
gh api "repos/$REPO/pulls/$PR_NUMBER/reviews/$REVIEW_ID/comments"
Present a compact report in this shape:
## Copilot review
<summary — the review body, trimmed of boilerplate>
## Issues (<count>)
### path/to/file.ts
- L42: <comment body, one or two lines>
- L57: <…>
### path/to/other.py
- L10: <…>
If Copilot left no inline comments, say so plainly — "Copilot reviewed the PR and didn't flag anything." That's a real, useful result. Don't pad it with filler.
Step 7 — Offer to fix
End the report with a single-line ask, e.g.: "Want me to address any of these? Pick which ones or say 'all'."
Do not start editing files before the user confirms. The point of this skill is to surface feedback, not to silently rewrite the branch.
Notes
- If a Copilot review is already pending (visible in
requested_reviewerson the PR), skip Step 3 and go straight to waiting — re-requesting serves no purpose and may reset the clock. - The MCP tool name assumes the standard GitHub MCP server is configured. If
mcp__github-audited__request_copilot_reviewisn't available, fall back togh api -X POST "repos/$REPO/pulls/$PR_NUMBER/requested_reviewers" -f 'reviewers[]=copilot-pull-request-reviewer'and note the fallback to the user. - Timestamps from the API are ISO 8601 strings — compare as strings, not by parsing.
Related Skills
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026
openclaw/openclaw-release-maintainer
development
VerifiedTrustedCommunity
Maintainer workflow for OpenClaw releases, prereleases, changelog release notes, and publish validation. Use when Codex needs to prepare or verify stable or beta release steps, align version naming, assemble release notes, check release auth requirements, or validate publish-time commands and artifacts.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/openclaw-qa-testing
development
VerifiedTrustedCommunity
Run, watch, debug, and extend OpenClaw QA testing with qa-lab and qa-channel. Use when Codex needs to execute the repo-backed QA suite, inspect live QA artifacts, debug failing scenarios, add new QA scenarios, or explain the OpenClaw QA workflow. Prefer the live OpenAI lane with regular openai/gpt-5.4 in fast mode; do not use gpt-5.4-pro or gpt-5.4-mini unless the user explicitly overrides that policy.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/openclaw-parallels-smoke
development
VerifiedTrustedCommunity
End-to-end Parallels smoke, upgrade, and rerun workflow for OpenClaw across macOS, Windows, and Linux guests. Use when Codex needs to run, rerun, debug, or interpret VM-based install, onboarding, gateway smoke tests, latest-release-to-main upgrade checks, fresh snapshot retests, or optional Discord roundtrip verification under Parallels.
357,764SKILL.mdUpdated Apr 10, 2026