indrasvat/coderabbit
skills/coderabbit/SKILL.md
Local AI code reviews via CodeRabbit CLI. ONLY use when (1) user explicitly requests "coderabbit"/"cr review", OR (2) code changes are high-risk (security, concurrency, complex logic). Rate-limited to 1 review/hour—be highly selective.
$ install --global
skillsauthnpx skillsauth add indrasvat/claude-code-skills coderabbitInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 23, 2026, 8:11 AM100.3s1 file scanned
SKILL.md
- name:
- coderabbit
- description:
- Local AI code reviews via CodeRabbit CLI. ONLY use when (1) user explicitly requests "coderabbit"/"cr review", OR (2) code changes are high-risk (security, concurrency, complex logic). Rate-limited to 1 review/hour—be highly selective.
CodeRabbit CLI
AI code reviews locally. Rate limit: 1 review/hour. Use sparingly.
When to Use (Be Selective)
USE CodeRabbit for:
- User explicitly requests it
- Security-sensitive code (auth, crypto, input validation, secrets)
- Concurrency/async (race conditions, deadlocks, shared state)
- Memory management (leaks, resource cleanup)
- Complex business logic with non-obvious edge cases
- Database migrations or schema changes
- Public API contract changes
SKIP CodeRabbit for:
- Simple refactors, renames, moves
- Documentation or comment changes
- Test additions (unless testing complex logic)
- Config/env changes
- Obvious bug fixes
- Formatting/style cleanup
When uncertain, ask user: "This looks like it could benefit from a CodeRabbit review (1/hour limit). Want me to run one?"
Setup (First Use)
# Check if installed
command -v cr &>/dev/null || {
echo "Installing CodeRabbit CLI..."
curl -fsSL https://cli.coderabbit.ai/install.sh | sh
source ~/.zshrc # or ~/.bashrc
}
# Check auth status, login if needed
cr auth status || cr auth login
If CLI missing, prompt user: "CodeRabbit CLI not installed. Install it now?" Then run install + auth.
Execution (Always Background)
ALWAYS run in background with monitoring:
# Start review in background, capture output
cr review --prompt-only --type uncommitted > /tmp/cr-review.txt 2>&1 &
CR_PID=$!
# Monitor completion (reviews take 7-30 min)
while kill -0 $CR_PID 2>/dev/null; do sleep 30; done
# Read results
cat /tmp/cr-review.txt
Flags:
--prompt-only— Always use. AI-optimized, token-efficient output--type uncommitted— Faster, reviews only unstaged/staged changes--type committed— Only committed changes vs base--base <branch>— Compare against specific branch (default: main)
Workflow
- Run background review (command above)
- Continue other work while waiting
- Parse findings when complete — prioritize: critical > major > minor (ignore nits)
- Fix critical/major only — don't chase diminishing returns
- NO verification re-run unless user requests (preserve rate limit)
Troubleshooting
- No findings: Check
git status, verify--basebranch - Stalled: Reviews can take 30+ min for large diffs — be patient
- Auth issues: Re-run
cr auth login
Related Skills
indrasvat/triage-pr
development
VerifiedTrustedCommunity
Fetch, categorize, and address PR review comments in priority order. Classifies each comment as BLOCKER, QUESTION, SUGGESTION, or NITPICK and works through blockers first. Use when the user says "address PR comments", "fix review feedback", "respond to PR", "handle review comments", "triage PR", "what does the reviewer want", "address feedback", "PR comments", "review feedback", or needs to work through pull request review comments systematically.
3SKILL.mdUpdated May 23, 2026
indrasvat/ship-pr
testing
VerifiedTrustedCommunity
Create a pull request with a standards compliance review gate. Reviews the diff against CLAUDE.md and repo conventions before creating the PR, stopping on discrepancies. Supports tiered PR templates (small, standard, complex). Use when the user says "create PR", "open PR", "ship it", "ship PR", "make a pull request", "push and PR", "ready for review", "send for review", "create a pull request", or wants to create a GitHub pull request from the current branch.
3SKILL.mdUpdated May 23, 2026
indrasvat/rollout-check
testing
VerifiedTrustedCommunity
Verify Kubernetes deployment health — pod status, rollout progress, events, readiness, HPA state, and recent errors. Use when the user says "check rollout", "is deploy healthy", "rollout status", "deployment health", "pod status", "check pods", "why is deploy failing", "k8s health", "verify deployment", "are pods ready", "check deployment", or wants to verify a Kubernetes deployment is healthy after a rollout.
3SKILL.mdUpdated May 23, 2026
indrasvat/prd-generator
documentation
VerifiedTrustedCommunity
Generate comprehensive Product Requirements Documents with interactive discovery, progress tracking, and True Ralph Loop support for autonomous implementation. Use when user wants to (1) create a PRD for a new project/feature, (2) implement a PRD autonomously with fresh Claude sessions, (3) track implementation progress, (4) recover context after session loss. Creates docs/PRD.md and docs/PROGRESS.md.
3SKILL.mdUpdated May 23, 2026