claude-code-review: Automated PR Reviews That Actually Post to GitHub

At 450 stars on SkillsMP with stable traction, claude-code-review from DataRecce is one of those skills that shows up repeatedly when developers talk about practical Claude Code integrations. It's not trending explosively right now, but stable at 450 stars means people are installing it and keeping it — which is a more honest signal than a spike.

I spent time with the skill's source and ran it against a few PRs. Here's my honest take.

What This Skill Actually Does

The pitch is simple: you run /review 123 (or drop in a full PR URL), and Claude handles the entire review loop — fetching PR metadata via gh, checking out the branch, reading the diff, running your test suite and linter, writing a structured Markdown review, and then posting it as a GitHub comment and a formal GitHub review (approve or request-changes).

It's not just "Claude reads a diff and tells you things." It closes the loop by writing back to GitHub. That's the part that makes this actually useful rather than a neat demo.

Why This Matters

Most AI code review tools I've used fall into one of two failure modes:

1. They give you a wall of suggestions in your terminal that you then have to manually translate into GitHub comments.
2. They flag every style nit and naming preference alongside the actual bugs, so you end up ignoring everything.

This skill tries to solve both problems. The GitHub write-back is handled via gh CLI commands baked into the workflow. And the instructions are explicit: critical issues only — no style preferences, no "consider" suggestions, no vague handwaving. If Claude can't point to a file and line number, it shouldn't be in the review.

For teams doing code review at any volume, the time sink isn't finding bugs — it's the coordination overhead of tracking what got flagged, what got fixed, and what's still open. The prior-review detection (looking for an existing claude[bot] comment with a hidden HTML marker) is a genuinely clever solution to that. When a developer pushes new commits, /review again and Claude reads its own prior comment, acknowledges what got fixed, and reports what's still open. That's a workflow, not just a feature.

Key Capabilities Worth Knowing About

1. Draft PR guard Skips draft PRs automatically. This sounds minor but it's the kind of thing that makes a skill feel production-ready. You don't want automated reviews on work-in-progress — it creates noise and trains people to ignore the bot.

2. Runs your actual test suite Step 7 runs make test, make flake8, pnpm test, pnpm lint, and TypeScript type checks depending on what files changed. This is significant. Static diff reading catches a lot, but a failing test is concrete evidence that's hard to argue with. The skill is explicit: report failures, don't fix them.

3. Updated review tracking The hidden <!-- claude-code-review --> marker in every comment means Claude can find its own prior review and produce a delta. "Fixed: null check in auth middleware. Still open: N+1 query in user list endpoint." That's genuinely useful for async review workflows.

4. Explicit false-positive suppression The skill has a section called "Known False Positives" that tells Claude not to flag React 19 APIs as experimental and to respect patterns established in AGENTS.md and CLAUDE.md. This is DataRecce eating their own dog food — they built this for their own repo (which uses React 19 and has established conventions) and they've encoded that context. You'll want to customize this section for your stack.

5. Temp file for review body Small thing, but writing the review to /tmp/review_body.md and using --body-file instead of inlining text in a shell command is the right call. Anyone who's tried to inline a 500-word Markdown review in a shell command knows why.

Who Should Install This

Install it if: - You're using Claude Code on a repo where you have gh CLI configured and authenticated - You do regular PR reviews and want a first-pass filter that catches real issues before human review - Your team uses async review workflows where tracking "what did the bot flag last time" is actual overhead - You're comfortable editing the false-positives section to match your stack

Skip it (for now) if: - You don't have gh CLI set up and authenticated — this skill leans on it heavily throughout. Without it, nothing works. - Your repo doesn't have a make test or equivalent — the verify step will fail or be skipped, which reduces the value significantly - You're on a monorepo with complex test setups — the test commands are hardcoded for Python (make test, make flake8) and TypeScript (pnpm test, pnpm lint, pnpm type:check). You'll need to adapt them. - You want style feedback — this skill is deliberately not that. If you want Claude to catch naming inconsistencies and suggest refactors, look elsewhere.

How to Install

Drop it in your project's .claude/skills/ directory or globally in ~/.claude/skills/:

# Project-level (recommended — lets you customize false positives per repo)
mkdir -p .claude/skills
curl -o .claude/skills/claude-code-review.md \
  https://raw.githubusercontent.com/DataRecce/recce/main/.claude/skills/claude-code-review/SKILL.md

Or grab it directly from the SkillsMP page if you prefer a UI.

After installing, make sure gh is authenticated:

gh auth status

If that fails, nothing else will work.

Concerns and Limitations

It's opinionated about their stack. The skill was built for DataRecce's own repo — Python backend, TypeScript/React frontend, make for build commands, pnpm for JS. The test commands in step 7 are literally make test and cd js && pnpm test. If your project uses pytest directly, npm, yarn, cargo test, or anything else, you need to edit the skill before it'll do useful verification work. This isn't a dealbreaker, but it's not a drop-in for every project.

Claude needs GitHub write permissions. Posting formal reviews and comments requires that your Claude Code setup has a GitHub token with appropriate permissions. If you're running this in a restricted environment, the review will be written but the posting steps will fail. The skill doesn't handle this gracefully — it'll just error out.

The "critical issues only" instruction is a prompt, not a guarantee. Claude can still hallucinate findings or misread context. I've seen it flag issues that were already handled elsewhere in the codebase. The false-positive suppression section helps, but you should still read the review rather than blindly acting on it. Treat it as a first pass, not a final word.

No support for PRs across forks. The git checkout step assumes the branch exists in your remote. Cross-fork PRs (common on open source repos) will fail at step 5. If you're maintaining a public repo, this is a real gap.

450 stars, zero movement last week. Stable is fine, but it does suggest this isn't getting active development right now. The skill is functional but don't expect rapid iteration on the limitations above.

Verdict

This is one of the more complete and honest skill implementations I've reviewed. The workflow is well-thought-out, the "critical issues only" philosophy is the right call, and the prior-review tracking is genuinely clever. DataRecce clearly built this to solve a real problem they had, not to ship a demo.

The main caveat is that it's tuned for their stack. Before you install it, budget 20-30 minutes to edit the test commands, update the false-positives section for your framework, and verify your gh auth is working. If you're willing to do that work, this skill will save you time on every PR review cycle.

If you want a drop-in with zero configuration, this isn't it. If you want a solid foundation to build a real automated review workflow on, it's worth the install.

Links: - SkillsMP page - GitHub source