nsheaps/pr-review-workflow
plugins/scm-utils/skills/pr-review-workflow/SKILL.md
Quick-reference index for the full PR review workflow. Redirects to automated-code-review for the full orchestration. Use when asked to "do a full review", "review everything", or "comprehensive review".
$ install --global
skillsauthnpx skillsauth add nsheaps/ai-mktpl pr-review-workflowInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 4:14 PM43.1s1 file scanned
SKILL.md
- name:
- pr-review-workflow
- description:
- >
- argument-hint:
- [PR number or branch name]
PR Review Workflow
This skill is a quick-reference index. For the full orchestrated workflow, use scm-utils:automated-code-review.
Available Granular Review Skills
Use individually when you only need one dimension, or use automated-code-review for the full sequence.
| Skill | What it covers |
| ---------------------------------- | -------------------------------------- |
| scm-utils:review-code | Code quality, patterns, bugs, security |
| scm-utils:review-diff | Diff scope and completeness |
| scm-utils:review-commits | Commit structure and atomicity |
| scm-utils:review-commit-messages | Commit message quality and conventions |
| scm-utils:review-pr-contents | PR title, body, labels, metadata |
| scm-utils:validate-review | Verify findings are accurate |
| scm-utils:post-review | Format and submit the review on GitHub |
| scm-utils:fix-review-findings | Address review findings in code |
When to Use What
- Full review? Use
scm-utils:automated-code-review - Just checking code quality? Use
scm-utils:review-codealone - Just checking the diff scope? Use
scm-utils:review-diffalone - Just checking PR presentation? Use
scm-utils:review-pr-contentsalone - CI-based review (Henry's workflow)? Use
scm-utils:code-review - Iterate until quality threshold met? Use
sdlc-utils:iterate-until-good
External References
- Google Engineering Practices: Code Review
- Conventional Comments
Related Skills
nsheaps/github-app-session-env
tools
VerifiedTrustedCommunity
Manually reproduce what the github-app plugin's SessionStart hook does to make a GitHub App installation token usable in the current session — materialize the PEM, generate the token, isolate GH_CONFIG_DIR, write the runtime env file, and wire CLAUDE_ENV_FILE so every Bash call sees GH_TOKEN/GITHUB_TOKEN. Use when the hook did not run, the token is missing from the environment, or a shell/teammate needs the token wired up by hand. <example>GH_TOKEN isn't set even though github-app is configured</example> <example>the github-app SessionStart hook didn't run, set up the token manually</example> <example>wire the github app token into CLAUDE_ENV_FILE</example> <example>gh keeps falling back to the wrong account, isolate GH_CONFIG_DIR</example>
3SKILL.mdUpdated Jun 9, 2026
nsheaps/github-app-git-identity
tools
VerifiedTrustedCommunity
Manually configure the GitHub App bot git identity the way the github-app plugin's SessionStart hook does — resolve the app slug and bot user ID, build the <slug>[bot] name and noreply email, set GIT_AUTHOR_*/GIT_COMMITTER_* env vars, and write an isolated GIT_CONFIG_GLOBAL with the gh auth git-credential helper. Use when commits are attributed to the wrong account, "Author identity unknown" appears, or git identity must be set up by hand. <example>my commits are showing up as the handler, not the bot</example> <example>git says Author identity unknown after the github-app hook ran</example> <example>configure the github app bot git identity manually</example> <example>set up the gh credential helper for git push</example>
3SKILL.mdUpdated Jun 9, 2026
nsheaps/spec-management
tools
VerifiedTrustedCommunity
Manages spec files for requirements capture and validation
3SKILL.mdUpdated Jun 7, 2026
nsheaps/plugins/bash-command-rejection/skills/bash-chaining-alternatives
tools
VerifiedTrustedCommunity
# Bash Chaining Alternatives This skill teaches you how to work around the bash command chaining restriction enforced by this plugin. ## Why Chaining is Blocked The `bash-command-rejection` plugin blocks these operators: | Operator | Name | Why Blocked | | -------- | ---------- | ----------------------------------------------------------------------------------- | | `&&` | AND chain | Runs cmd2 only if cmd1 su
3SKILL.mdUpdated Jun 7, 2026