Pr Review

Name: Pr Review
Author: minimax-ai

minimax-ai/skills

Review pull requests that add or change agent skills using overlap, description, size, and credential checklist rules.

Overview

Pr-review is an agent skill for the Ship phase that applies soft quality guidelines when reviewing PRs that add or modify agent skills.

Install

npx skills add https://github.com/minimax-ai/skills --skill pr-review

What is this skill?

Checks new skills for functional overlap with existing skills before approve
Requires description fields with what, when, and trigger keywords for agent activation
Flags SKILL.md files over ~500 lines and embedded large blobs for context cost
Covers credential-handling expectations beyond automated validation scripts
Positions boundaries when capabilities partially overlap another skill
Individual reference documents over ~500 lines should be split

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 1k installs on skills.sh; 12.5k GitHub stars; 3/3 security scanners passed (skills.sh audits).

What problem does it solve?

New skill PRs slip through with vague descriptions, duplicated capabilities, or bloated Markdown that wastes agent context.

Who is it for?

Maintainers or solo authors curating a skills.sh-style repository who want checklist-driven PR review before merge.

Skip if: General application code review, security pen-tests, or automated CI pass/fail gates replacing human judgment.

When should I use this skill?

Reviewing PRs that add or change skills, auditing SKILL.md description quality, or checking skill scope overlap and file size.

What do I get? / Deliverables

Reviewers apply consistent overlap, description, size, and credential checks so merged skills are distinct, discoverable, and lean.

Review comments on overlap, description, size, and credentials
Suggestions to extend vs add new skill

Recommended Skills

Find Skillsvercel-labs/skills

Find Skills is a meta agent skill from the Vercel Labs skills package that helps solo builders discover and install modu…2M installs·21.7k stars

Skill Creatoranthropics/skills

Skill-creator is an Anthropic-originated meta skill aimed at solo and indie builders who want durable agent capabilities…258k installs·148k stars

Lark Skill Makerlarksuite/cli

Meta-skill for packaging Feishu/Lark API operations into installable lark-cli Skills.207k installs·13.7k stars

Skills Clixixu-me/skills

skills-cli is a procedural agent skill that teaches assistants how to operate the open Agent Skills CLI—the package mana…200k installs·61 stars

Write A Skillmattpocock/skills

End-to-end guide for authoring new agent skills with proper metadata, folder layout, progressive disclosure, and user va…181k installs·121k stars

Using Superpowersobra/superpowers

Using Superpowers is a journey-wide meta skill for solo and indie builders who run Claude Code, Codex, Cursor, or simila…134k installs·221k stars

Journey fit

Primary fit

Skill-repo PR review is a ship-time quality gate before merged skills reach users’ context windows. Manual soft-review guidelines belong on the review subphase shelf alongside code review, focused on SKILL.md contributions.

How it compares

Use for skill-package PR hygiene, not as a substitute for repo-wide code-review or security-audit skills on product code.

Common Questions / FAQ

Who is pr-review for?

Skill repo maintainers and contributors who approve or draft PRs containing SKILL.md and reference docs.

When should I use pr-review?

During Ship review before merging a new skill, when tightening a description field, or when splitting an oversized reference document.

Is pr-review safe to install?

Check the Security Audits panel on this Prism page; the skill is documentation-only but may reference credential patterns you should verify locally.

SKILL.md

READMESKILL.md - Pr Review

# Quality Guidelines (Soft Review)

These guidelines are not enforced by automated tooling. Reviewers should check these during manual PR review and flag violations as suggestions.

## 1. Skill Scope — Avoid Overlap

Before approving a new skill, check existing skills for functional overlap.

- If the new skill's capability is a subset of an existing skill, suggest extending the existing one instead
- If there is partial overlap, the PR description must clearly explain the boundary
- Example: a voice synthesis skill should clarify how it differs from `frontend-dev`'s TTS capabilities

## 2. Description Quality

The `description` field in SKILL.md is what the agent uses to decide whether to activate the skill. A good description must include:

- What the skill does
- When to use it (trigger conditions)
- Keywords or phrases that should activate it

Bad: `"A skill for making PDFs"`
Good: `"Generate, fill, and reformat PDF documents. Use when the user asks to create, modify, or design any PDF file. Triggers: PDF, .pdf, document generation."`

## 3. File Size Awareness

Skills are loaded into the agent's context window. Every token counts.

- Individual `.md` files should stay focused and concise
- If a reference document exceeds ~500 lines, consider splitting it into parts
- Do not embed large data blobs (base64 images, full API responses) in Markdown
- Prefer linking to external resources over inlining lengthy content

## 4. Credential Handling

The validation script only blocks high-confidence secret patterns (OpenAI keys, AWS keys, JWT tokens). Reviewers should additionally check for:

- API keys or passwords assigned directly in code (e.g., `api_key = "abc123..."`)
- Credentials passed as plain string arguments instead of environment variable reads
- Example keys that look realistic enough to be mistaken for real ones
- Scripts that lack a clear error message when a required env var is missing

If a skill involves external APIs, verify that SKILL.md documents the required environment variables.

## 5. Script Quality

If the skill includes helper scripts in `scripts/`:

- Scripts should have a shebang line (`#!/usr/bin/env python3`)
- A `requirements.txt` should be present listing all dependencies if external libraries are needed.
- Errors should produce clear messages, not raw tracebacks

## 6. Language

- SKILL.md content and code should be written in English
- Reference docs are recommended to be in English

## 7. README Sync

When a new skill is added, both `README.md` and `README_zh.md` should be updated with the new skill in the table. Community-submitted skills should set the Source column to `Community`.


# Structure Rules (Hard Validation)

These rules are enforced by `scripts/validate_skills.py`. PRs that violate ERROR-level rules will not be merged.

## Directory Structure

Every skill must follow this layout:

```
skills/<skill-name>/
├── SKILL.md                 # Required
├── references/              # Optional
│   └── *.md
└── scripts/                 # Optional
    ├── *.py
    └── requirements.txt     # Required if scripts/ exists
```

- Directory name must be lowercase `kebab-case` (e.g., `gif-sticker-maker`)
- `SKILL.md` is the only required file

## SKILL.md Frontmatter

The file must begin with a valid YAML frontmatter block enclosed by `---` markers.

### Required Fields (ERROR if missing)

| Field | Rule |
|-------|------|
| `name` | Must exist and exactly match the directory name |
| `description` | Must exist and be non-empty |

### Recommended Fields (WARNING if missing)

| Field | Rule |
|-------|------|
| `license` | Should be `MIT` or a license declaration |
| `metadata` | Should include `version`, `category`, and optionally `sources` |

## Secret Scanning

No file in the skill directory may contain hardcoded secrets. The following high-confidence patterns are scanned:

- OpenAI-style API keys: `sk-` followed by 20+ alphanumeric characters
- AWS Access Key IDs: `AKIA` followed by 16 uppercase alph

What is this skill?

Checks new skills for functional overlap with existing skills before approve

Requires description fields with what, when, and trigger keywords for agent activation

Flags SKILL.md files over ~500 lines and embedded large blobs for context cost

Covers credential-handling expectations beyond automated validation scripts

Positions boundaries when capabilities partially overlap another skill

Individual reference documents over ~500 lines should be split

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 1k installs on skills.sh; 12.5k GitHub stars; 3/3 security scanners passed (skills.sh audits).

SKILL.md

READMESKILL.md - Pr Review

# Quality Guidelines (Soft Review)

These guidelines are not enforced by automated tooling. Reviewers should check these during manual PR review and flag violations as suggestions.

## 1. Skill Scope — Avoid Overlap

Before approving a new skill, check existing skills for functional overlap.

- If the new skill's capability is a subset of an existing skill, suggest extending the existing one instead
- If there is partial overlap, the PR description must clearly explain the boundary
- Example: a voice synthesis skill should clarify how it differs from `frontend-dev`'s TTS capabilities

## 2. Description Quality

The `description` field in SKILL.md is what the agent uses to decide whether to activate the skill. A good description must include:

- What the skill does
- When to use it (trigger conditions)
- Keywords or phrases that should activate it

Bad: `"A skill for making PDFs"`
Good: `"Generate, fill, and reformat PDF documents. Use when the user asks to create, modify, or design any PDF file. Triggers: PDF, .pdf, document generation."`

## 3. File Size Awareness

Skills are loaded into the agent's context window. Every token counts.

- Individual `.md` files should stay focused and concise
- If a reference document exceeds ~500 lines, consider splitting it into parts
- Do not embed large data blobs (base64 images, full API responses) in Markdown
- Prefer linking to external resources over inlining lengthy content

## 4. Credential Handling

The validation script only blocks high-confidence secret patterns (OpenAI keys, AWS keys, JWT tokens). Reviewers should additionally check for:

- API keys or passwords assigned directly in code (e.g., `api_key = "abc123..."`)
- Credentials passed as plain string arguments instead of environment variable reads
- Example keys that look realistic enough to be mistaken for real ones
- Scripts that lack a clear error message when a required env var is missing

If a skill involves external APIs, verify that SKILL.md documents the required environment variables.

## 5. Script Quality

If the skill includes helper scripts in `scripts/`:

- Scripts should have a shebang line (`#!/usr/bin/env python3`)
- A `requirements.txt` should be present listing all dependencies if external libraries are needed.
- Errors should produce clear messages, not raw tracebacks

## 6. Language

- SKILL.md content and code should be written in English
- Reference docs are recommended to be in English

## 7. README Sync

When a new skill is added, both `README.md` and `README_zh.md` should be updated with the new skill in the table. Community-submitted skills should set the Source column to `Community`.


# Structure Rules (Hard Validation)

These rules are enforced by `scripts/validate_skills.py`. PRs that violate ERROR-level rules will not be merged.

## Directory Structure

Every skill must follow this layout:

```
skills/<skill-name>/
├── SKILL.md                 # Required
├── references/              # Optional
│   └── *.md
└── scripts/                 # Optional
    ├── *.py
    └── requirements.txt     # Required if scripts/ exists
```

- Directory name must be lowercase `kebab-case` (e.g., `gif-sticker-maker`)
- `SKILL.md` is the only required file

## SKILL.md Frontmatter

The file must begin with a valid YAML frontmatter block enclosed by `---` markers.

### Required Fields (ERROR if missing)

| Field | Rule |
|-------|------|
| `name` | Must exist and exactly match the directory name |
| `description` | Must exist and be non-empty |

### Recommended Fields (WARNING if missing)

| Field | Rule |
|-------|------|
| `license` | Should be `MIT` or a license declaration |
| `metadata` | Should include `version`, `category`, and optionally `sources` |

## Secret Scanning

No file in the skill directory may contain hardcoded secrets. The following high-confidence patterns are scanned:

- OpenAI-style API keys: `sk-` followed by 20+ alphanumeric characters
- AWS Access Key IDs: `AKIA` followed by 16 uppercase alph

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is pr-review for?

When should I use pr-review?

Is pr-review safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is pr-review for?

When should I use pr-review?

Is pr-review safe to install?

SKILL.md