
PR Review Automation

DevOps · Intermediate · 45 minutes

Automatically review pull requests with security scanning and style checks

Prerequisites

  • OpenClaw installed and running
  • GitHub repository with webhook access
  • Slack workspace for review notifications

Required Skills

  • pr-reviewer: openclaw install pr-reviewer
  • vulnerability-scanner: openclaw install vulnerability-scanner
  • slack-digest: openclaw install slack-digest

Installation Steps

1. Install required skills

Install the PR reviewer, vulnerability scanner, and Slack digest skills.

openclaw install pr-reviewer vulnerability-scanner slack-digest

2. Configure GitHub webhook

In your GitHub repo settings, add a webhook for pull_request events (opened and synchronize) pointing to your OpenClaw instance.

3. Define review criteria

Set the auto-approve conditions (test pass, no security issues, coverage threshold, file count) and request-changes conditions.

4. Add the config snippet

Copy the configuration below and adjust the review criteria thresholds for your team.

Configuration

{
  "webhooks": {
    "github-pr": {
      "url": "/webhooks/github",
      "events": ["pull_request.opened", "pull_request.synchronize"],
      "actions": [
        "run-security-scan",
        "check-code-quality",
        "review-changes",
        "post-review-comment",
        "notify-slack"
      ]
    }
  },
  "reviewCriteria": {
    "autoApprove": {
      "conditions": [
        "all-tests-pass",
        "no-security-issues",
        "code-coverage >= 80%",
        "files-changed < 5"
      ]
    },
    "requestChanges": {
      "conditions": [
        "security-vulnerabilities-found",
        "tests-failing"
      ]
    }
  }
}

Add this to your openclaw.json and customize the values for your setup.

SOUL.md

## PR Review Behavior
- Be constructive, never snarky. "Consider extracting this into a helper" not "This is messy."
- Don't nitpick formatting or style if a linter/formatter handles it. Focus on logic, security, and correctness.
- For PRs touching auth, payments, or data deletion: always request human review regardless of auto-approve criteria. Add a "sensitive-path" label.
- If tests pass but coverage dropped, mention it as a suggestion, not a blocker — unless it dropped below the threshold.
- When requesting changes, be specific: point to the exact line and suggest a concrete fix, not just "this needs work."
- For first-time contributors, be extra welcoming. Approve with minor suggestions as comments rather than blocking.
- If a PR is clearly a WIP or draft, leave a helpful comment but don't run the full review pipeline.

Add this to your SOUL.md to define the agent's behavior for this workflow.
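
A model of the decision order that the configuration and SOUL.md rules above describe, for checking your thresholds against sample PRs before enabling auto-approve. This is an added example, not OpenClaw's own evaluation code; the PullRequest fields, the SENSITIVE_PATTERNS globs and the decide function are hypothetical.

```python
from dataclasses import dataclass
from fnmatch import fnmatch

# Assumption: path globs standing in for "auth, payments, or data deletion".
SENSITIVE_PATTERNS = ["*auth*", "*payment*", "*delet*"]
COVERAGE_THRESHOLD = 80.0   # "code-coverage >= 80%"
MAX_FILES = 5               # "files-changed < 5"

@dataclass
class PullRequest:          # hypothetical shape, not an OpenClaw type
    files: list
    tests_pass: bool
    findings: int           # security issues reported by the scanner
    coverage: float
    draft: bool = False

def sensitive_files(pr):
    return [f for f in pr.files
            if any(fnmatch(f.lower(), p) for p in SENSITIVE_PATTERNS)]

def decide(pr):
    """Return (decision, labels) in the order the rules above imply."""
    if pr.draft:
        return "comment-only", []            # WIP: skip the full pipeline
    labels = ["sensitive-path"] if sensitive_files(pr) else []
    # requestChanges is checked first so a failing PR is never approved.
    if pr.findings > 0 or not pr.tests_pass:
        return "request-changes", labels
    if labels:
        return "human-review", labels        # overrides auto-approve
    auto_ok = (pr.coverage >= COVERAGE_THRESHOLD
               and len(pr.files) < MAX_FILES)
    # Meeting neither rule set is not approval: fall back to a human.
    return ("approve" if auto_ok else "human-review"), labels

# Constructed sample PRs, not taken from a real repository.
SAMPLES = {
    "clean": PullRequest(["docs/a.md", "src/util.py"], True, 0, 91.0),
    "auth": PullRequest(["src/auth/session.py"], True, 0, 95.0),
    "big": PullRequest([f"src/m{i}.py" for i in range(5)], True, 0, 88.0),
    "vuln": PullRequest(["src/payments/charge.py"], True, 2, 90.0),
}

if __name__ == "__main__":
    for name, pr in SAMPLES.items():
        print(name, decide(pr))
```

The "auth" and "big" samples are the cases to watch: both pass tests and the scan, yet neither may be auto-approved.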

Expected Behavior

When a PR is opened, OpenClaw automatically runs security scans, checks code quality, reviews the changes, and either approves (if all criteria are met) or requests changes with detailed feedback. The team is notified in Slack.

Usage Guide

The workflow triggers automatically on every PR open or push. Adjust the autoApprove conditions to match your team's standards. PRs that meet all criteria get auto-approved; those with security issues or failing tests get change requests with specific feedback.
