luan/pr-reviewers
skills/pr-reviewers/SKILL.md
Recommend PR reviewers based on code ownership. Triggers: 'who should review', 'add reviewers', 'find reviewers'. Spreads load to avoid always picking same people.
$ install --global
skillsauthnpx skillsauth add luan/dot-claude pr-reviewersInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 30, 2026, 1:09 PM11.8s1 file scanned
SKILL.md
- name:
- pr-reviewers
- description:
- Recommend PR reviewers based on code ownership. Triggers: 'who should review', 'add reviewers', 'find reviewers'. Spreads load to avoid always picking same people.
- model:
- sonnet
- context:
- fork
- agent:
- general-purpose
- argument-hint:
- [--auto]
- user-invocable:
- true
- disable-model-invocation:
- true
- - "Bash(gh pr view:
- *)
- - "Bash(gh pr list:
- *)
- - "Bash(gh pr edit:
- *)
- - "Bash(gh api:
- *)
- - "Bash(gh repo view:
- *)
- - "Bash(git log:
- *)
- - "Bash(git diff:
- *)
- - "Bash(git shortlog:
- *)
- - "Bash(git branch:
- *)
- - "Bash(wc:
- *)
PR Reviewer Picker
Recommend reviewers based on code expertise while spreading review load.
Rotating reviewers prevents knowledge silos and balances workload — the same reviewer on every PR misses patterns fresh eyes catch and creates bottlenecks when that person is unavailable. Recent-reviewer overlap is penalized, not rewarded.
Steps
-
Detect PR:
gh pr view --json number,headRefName,author -q '.number' -
Get changed files:
gh pr view <PR> --json files -q '.files[].path'- Separate existing vs new files (additions where
deletions == 0andstatus == "added") - Exclude generated files:
*.generated.*,*.pb.go,*.pb.swift,*_generated.rs,*.g.dart, lock files,vendor/,node_modules/,*.min.*,*.snap,__snapshots__/. Also check for@generatedmarker in first 5 lines. Generated files skew blame toward whoever ran the generator.
- Separate existing vs new files (additions where
-
Gather candidates (parallel): Read
${CLAUDE_SKILL_DIR}/references/scoring.mdfor candidate gathering commands, scoring weights, and penalty multipliers. -
Validate: Remove PR author, non-members, bots
-
Score: Apply scoring algorithm from
${CLAUDE_SKILL_DIR}/references/scoring.md. -
Present results — up to 3 candidates (don't pad if fewer exist). For each:
- Score breakdown with concrete numbers
- Expertise reason: "Owns 60% of changed lines", "12 commits to these files", "CODEOWNERS for src/auth/"
- If penalized: "(currently reviewing 6 PRs)"
Never say "Reviewed your recent PRs" as positive signal.
--auto→ add recommended reviewers directly. Without--auto→ ask: "Add these reviewers?" -
Add:
gh pr edit <PR> --add-reviewer alice,bob,carol
Related Skills
luan/sym
tools
VerifiedTrustedCommunity
Tree-sitter indexed code navigator (ct sym CLI). Use INSTEAD OF Read/Grep/Glob/Bash when exploring existing code, understanding how something works, locating a symbol, tracing the call graph up (impact) or down (trace), finding implementations of an interface, scoping a diff to one symbol, or preparing to edit code you have not read yet. Triggers: 'how does X work', 'explain this class/file/symbol', 'walk me through X', 'what does X do', 'where is X defined', 'who calls X', 'what does X call', 'find implementations of', 'what breaks if I change X', 'outline this file', 'map imports', 'show me this symbol', exploring unfamiliar repo, tracing call graph, scoping diff to a symbol, preparing to edit code I haven't read, about to Read a file over ~500 lines to understand it. Do NOT use for: writing new code from scratch, editing prose or config, running tests, or when a stack trace already names the file and line.
4SKILL.mdUpdated Apr 22, 2026
luan/vibe
development
VerifiedTrustedCommunity
Fully autonomous development workflow from prompt to commit. Chains spec → develop → review → commit. Triggers: /vibe, 'vibe this', 'autonomous workflow', 'just do it all', 'build this end-to-end', 'full pipeline', 'handle everything'.
4SKILL.mdUpdated Apr 21, 2026
luan/vault-sweep
development
VerifiedTrustedCommunity
Comprehensive vault maintenance — cross-references blueprints against codebase state to produce a maintenance plan: archive consumed artifacts, audit docs for staleness, propose new docs for undocumented stable systems. Triggers: 'vault sweep', 'sweep the vault', 'clean up vault', 'vault maintenance', 'what can we archive', 'audit blueprints', 'vault hygiene', 'blueprint cleanup'. Use whenever the user wants a holistic view of vault health rather than archiving a single artifact (that's /archive). Also use when the user asks what's stale, what needs docs, or whether artifacts can be cleaned up.
4SKILL.mdUpdated Apr 21, 2026
luan/test-plan
development
VerifiedTrustedCommunity
Analyze current diff, classify changes by risk, and produce structured manual test plan. Triggers: 'test plan', 'what should I test', 'manual testing', 'verification steps', 'QA checklist'. Exits early for trivial changes. Do NOT use when: writing automated tests — use /develop with TDD. Do NOT use when: reviewing code quality — use /crit instead.
4SKILL.mdUpdated Apr 21, 2026