Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

etanhey/coderabbit

Name: coderabbit
Author: etanhey

skills/golem-powers/coderabbit/SKILL.md

npx skillsauth add etanhey/golems coderabbit

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

CodeRabbit - AI Code Review

Fast AI code reviews via CodeRabbit CLI. Free for open source.

Repositories

Works in any git repo. Free tier covers open source repos. For private repos, ensure CodeRabbit is configured in the repo settings.

Quick Commands

coderabbit review --agent   # Codex/AI-agent local review output
cr review --plain           # Human-readable review
cr review --prompt-only     # Minimal-token prompt output for specific workflows
cr review --type uncommitted # Only unstaged changes
cr review --base main       # Compare against main branch

Local Review Gate (Codex)

In Codex environments, use coderabbit review --agent (not --plain) for the local review gate.

Bound the local CLI wait: hard timeout at about 3 minutes. If the CLI hangs while writing comments, hits a rate limit, or reports review-limit exhaustion mid-loop, kill/stop it, record the limitation, and proceed through commit/push on fresh local test evidence. Do not block the PR loop indefinitely on a local CLI hang. After the PR exists, request @coderabbitai review and read the resulting bot status/comments before merge.

Workflows

| Workflow | Use Case | |----------|----------| | review | Standard code review | | verify | Quick verification for Ralph V-* stories | | security | Security-focused review | | accessibility | A11y audit for UI changes | | secrets | Scan for hardcoded secrets/keys | | pr-ready | Pre-PR comprehensive check | | red-team | Adversarial security/reliability review profile | | blue-team | Architecture/quality/maintainability review profile |

Output Modes

| Flag | Best For | Token Usage | |------|----------|-------------| | --agent | Codex/AI agents running a local gate | Medium | | --plain | Humans reading in terminal | High | | --prompt-only | AI agents (Ralph, Claude) | Low | | (default) | Interactive TUI | N/A |

Integration with Ralph

For V-* verification stories, CodeRabbit runs FIRST as a fast pre-check:

cr review --prompt-only --type committed - Quick scan
If issues found → Fix before Claude verification
If clean → Proceed to full Claude verification

This reduces Claude API costs and catches obvious issues fast.

Receiving Review Feedback

Technical evaluation, not emotional performance. Verify before implementing. Push back when a suggestion is wrong for this codebase.

Response pattern:

Read the complete feedback before reacting.
Understand the requested change; restate it or ask if unclear.
Verify the finding against codebase reality.
Evaluate whether it is technically sound for this stack and user decision.
Respond with a technical acknowledgment or reasoned pushback.
Implement one item at a time and test each fix.

Forbidden responses:

"You're absolutely right!"
"Great point!"
"Thanks for catching that!"

Instead, state the technical requirement, ask a clarifying question, or fix it silently.

| Comment type | Action | |---|---| | Real bug / Security | Fix immediately | | Important improvement | Fix before proceeding | | Style preference | Fix if genuinely better; skip if bikeshed | | Over-engineering | Skip with reasoning | | False positive | Skip with reasoning |

Implementation order for multi-item feedback:

Clarify anything unclear first.
Fix blocking breakage or security issues.
Apply simple fixes.
Apply complex refactors or logic changes.
Test each fix individually and verify no regressions.

Max 3 review-fix rounds for nitpicks. Push back when the suggestion breaks existing behavior, lacks context, violates YAGNI, conflicts with user-stated architecture, or is technically incorrect. If you were wrong, say "Checked X and you're correct. Fixing." Then fix it.

Evaluator Agent (Weighted Quality Gate)

For high-stakes changes, pair CodeRabbit with the evaluator agent (claude --agent evaluator) for deeper qualitative scoring:

CodeRabbit catches structural issues (bugs, security, style)
Evaluator scores on 4 weighted criteria: Functionality (20%), Craft (20%), Design (30%), Originality (30%)
Score >= 7.0 required to proceed to merge

The evaluator is deliberately adversarial -- it compensates for LLM optimism bias in code review. See ~/Gits/orchestrator/standards/evaluator-grading.md for the full grading rubric.

When to add the evaluator gate:

Architecture changes or new module introductions
Agent-generated code (autonomous work products)
Changes touching >5 files or crossing module boundaries

Configuration

Optional .coderabbit.yaml in repo root for custom rules:

reviews:
  language: en
  path_filters:
    - "!**/*.test.ts"
    - "!**/node_modules/**"

Requirements

CodeRabbit CLI installed: curl -fsSL https://cli.coderabbit.ai/install.sh | sh
Authenticated: cr auth login
Must run from git repository root

etanhey/coderabbit

skills/golem-powers/coderabbit/SKILL.md

Use when reviewing uncommitted changes, preparing PRs, requesting or receiving code review, handling CodeRabbit/Greptile/Bugbot/GitHub PR comments, checking security/secrets/a11y/code quality, or deciding whether to accept or reject reviewer feedback. Runs AI review via CLI and covers review triage, false-positive pushback, red/blue team profiles, PR-ready gates. NOT for: runtime debugging or test execution.

3 stars

tools

Updated Jun 7, 2026

$ install --global

skillsauth

npx skillsauth add etanhey/golems coderabbit

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Jun 7, 2026, 3:06 AM13.1s19 files scanned

SKILL.md

name:: coderabbit
description:: Use when reviewing uncommitted changes, preparing PRs, requesting or receiving code review, handling CodeRabbit/Greptile/Bugbot/GitHub PR comments, checking security/secrets/a11y/code quality, or deciding whether to accept or reject reviewer feedback. Runs AI review via CLI and covers review triage, false-positive pushback, red/blue team profiles, PR-ready gates. NOT for: runtime debugging or test execution.
execute:: scripts/review.sh

CodeRabbit - AI Code Review

Fast AI code reviews via CodeRabbit CLI. Free for open source.

Repositories

Works in any git repo. Free tier covers open source repos. For private repos, ensure CodeRabbit is configured in the repo settings.

Quick Commands

coderabbit review --agent   # Codex/AI-agent local review output
cr review --plain           # Human-readable review
cr review --prompt-only     # Minimal-token prompt output for specific workflows
cr review --type uncommitted # Only unstaged changes
cr review --base main       # Compare against main branch

Local Review Gate (Codex)

In Codex environments, use coderabbit review --agent (not --plain) for the local review gate.

Workflows

Output Modes

Integration with Ralph

For V-* verification stories, CodeRabbit runs FIRST as a fast pre-check:

cr review --prompt-only --type committed - Quick scan
If issues found → Fix before Claude verification
If clean → Proceed to full Claude verification

This reduces Claude API costs and catches obvious issues fast.

Receiving Review Feedback

Technical evaluation, not emotional performance. Verify before implementing. Push back when a suggestion is wrong for this codebase.

Response pattern:

Read the complete feedback before reacting.
Understand the requested change; restate it or ask if unclear.
Verify the finding against codebase reality.
Evaluate whether it is technically sound for this stack and user decision.
Respond with a technical acknowledgment or reasoned pushback.
Implement one item at a time and test each fix.

Forbidden responses:

"You're absolutely right!"
"Great point!"
"Thanks for catching that!"

Instead, state the technical requirement, ask a clarifying question, or fix it silently.

Implementation order for multi-item feedback:

Clarify anything unclear first.
Fix blocking breakage or security issues.
Apply simple fixes.
Apply complex refactors or logic changes.
Test each fix individually and verify no regressions.

Evaluator Agent (Weighted Quality Gate)

For high-stakes changes, pair CodeRabbit with the evaluator agent (claude --agent evaluator) for deeper qualitative scoring:

CodeRabbit catches structural issues (bugs, security, style)
Evaluator scores on 4 weighted criteria: Functionality (20%), Craft (20%), Design (30%), Originality (30%)
Score >= 7.0 required to proceed to merge

The evaluator is deliberately adversarial -- it compensates for LLM optimism bias in code review. See ~/Gits/orchestrator/standards/evaluator-grading.md for the full grading rubric.

When to add the evaluator gate:

Architecture changes or new module introductions
Agent-generated code (autonomous work products)
Changes touching >5 files or crossing module boundaries

Configuration

Optional .coderabbit.yaml in repo root for custom rules:

reviews:
  language: en
  path_filters:
    - "!**/*.test.ts"
    - "!**/node_modules/**"

Requirements

CodeRabbit CLI installed: curl -fsSL https://cli.coderabbit.ai/install.sh | sh
Authenticated: cr auth login
Must run from git repository root

Related Skills

etanhey/phoenix-human-view

tools

VerifiedTrustedCommunity

The human-eval UX contract for Phoenix views: turn-by-turn scrollable replay (not a scorecard), hide-but-copyable IDs, collapsed thinking, identity chips, tool filters, tiny frozen starter datasets, mark-wrong-in-thread, mobile-first. Use when: building or reviewing ANY Phoenix/eval view, annotation UI, session replay, or human-grading surface. Triggers: phoenix view, eval UI, annotation view, session replay, human eval UX, grading interface. NOT for: Phoenix data pipelines/ingest (capture scripts have their own specs).

3SKILL.mdUpdated Jun 7, 2026

etanhey/phoenix-human-view

etanhey/mac-systems

tools

VerifiedTrustedCommunity

macOS systems specialist — AppKit NSPanel architecture, launchd services, socket activation, MCP bridge resilience, syspolicyd, and high-frequency SwiftUI dashboards. Use when building menu-bar apps, LaunchAgents, debugging syspolicyd/Gatekeeper/TCC, resilient UDS/MCP bridges, or SwiftUI dashboards at 10Hz+.

3SKILL.mdUpdated Jun 7, 2026

etanhey/judge-fleet

development

VerifiedTrustedCommunity

Bulk LLM-judging protocol for fleet-dispatched verdict runs (KG cluster, eval harness). Use when: dispatching or running judge workers (J1/J2/RT), planning bulk-apply from verdict JSONL, or triaging evidence_degraded outputs. Triggers: judge fleet, bulk judge, R3 verdicts, kg-judge, RT gate, evidence_degraded. NOT for: single-item code review, Phoenix view UX (use phoenix-human-view), or non-judge eval pipelines.

3SKILL.mdUpdated Jun 7, 2026

etanhey/fleet-wrap

development

VerifiedTrustedCommunity

Quiet-down protocol for sprint close: when the fleet wraps, delete ALL polling crons and monitors, send ONE final dashboard + ONE message, then go SILENT. Use when: fleet wraps, all workers done, overnight queue exhausted, sprint close, Etan asleep/away with nothing approved left. Triggers: fleet wrap, wrap the fleet, stand down, going quiet, sprint close. NOT for: mid-sprint monitoring (keep your loops), spawning a successor (use /session-handoff first).

3SKILL.mdUpdated Jun 7, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/etanhey/golems.git

# Copy into Claude Code skills folder (global)
cp -r golems/skills/golem-powers/coderabbit ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

etanhey/golems

3 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT