nsheaps/request-a-review
plugins/scm-utils/skills/request-a-review/SKILL.md
Best practices and procedures for creating and maintaining high-quality pull requests. Covers PR creation, body formatting, title conventions, lifecycle management, and requesting reviews. Counterpart to review-code, respond-to-review, and other review-receiving skills. Triggers on: "create a PR", "update the PR", "open a pull request", "push and PR", "fix PR", "fix PR body", "PR formatting", or automatically after any push to a feature branch per the auto-pr-management rule.
$ install --global
skillsauthnpx skillsauth add nsheaps/ai-mktpl request-a-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 4:14 PM28.4s1 file scanned
SKILL.md
- name:
- request-a-review
- description:
- >
- Triggers on:
- create a PR", "update the PR", "open a pull request", "push and PR",
- allowed-tools:
- Bash, Read, Grep, Glob
Requesting a Review
Create and maintain pull requests for feature branches using gh api with --hostname github.com (required for web sessions where the git remote is a local proxy).
Pre-fetched Context
Current branch: !git branch --show-current 2>/dev/null || echo "(not in a git repo)"
Prerequisites
eval "$(mise activate bash)"
The gh CLI must be available (installed via mise) and GH_TOKEN must be set in the environment.
Step 1: Check for Existing PR
Always check before creating to avoid duplicates. Use server-side filtering:
gh api "repos/nsheaps/ai-mktpl/pulls?head=nsheaps:<branch-name>&state=open" \
--hostname github.com \
--jq '.[0] | {number, title, state}'
If a PR already exists, skip to Step 3: Update PR.
Step 2: Create Draft PR
PR_NUMBER=$(gh api repos/nsheaps/ai-mktpl/pulls \
--hostname github.com \
--method POST \
--field title="Short descriptive title" \
--field head="<branch-name>" \
--field base="main" \
--field draft=true \
--field body="$(cat <<'PREOF'
## Summary
- What changed and why
## Test plan
- [ ] Verification steps
<!-- Include Claude Code session link if available, e.g.: https://claude.ai/code/session_XXXXX -->
PREOF
)" --jq '.number')
Then add the request-review label to trigger AI code review:
gh api repos/nsheaps/ai-mktpl/issues/${PR_NUMBER}/labels \
--hostname github.com \
--method POST \
--field 'labels[]=request-review'
Step 3: Update PR
After subsequent pushes, update the PR body to reflect all current changes:
gh api repos/nsheaps/ai-mktpl/pulls/<PR_NUMBER> \
--hostname github.com \
--method PATCH \
--field body="$(cat <<'PREOF'
## Summary
- Updated description reflecting all changes
## Test plan
- [ ] Updated verification steps
<!-- session link -->
PREOF
)"
Step 4: Mark Ready (When Complete)
Only after review feedback is addressed and CI passes:
gh api repos/nsheaps/ai-mktpl/pulls/<PR_NUMBER> \
--hostname github.com \
--method PATCH \
--field draft=false
PR Title Conventions
- Keep under 70 characters
- Start with a verb (Add, Fix, Update, Refactor, etc.)
- Match conventional commit style when applicable
PR Body Formatting
CRITICAL: PR bodies must contain real newlines, not literal \n escape sequences.
- When using
gh api, use heredocs ($(cat <<'PREOF' ... PREOF)) — they preserve newlines naturally - When using MCP tools (e.g.
mcp__github__create_pull_request), pass the body as a multi-line string with actual newlines — MCP tool string parameters support real newlines - Never construct PR bodies by concatenating strings with
\n— GitHub renders them as literal text, not line breaks
Error Handling
| Error | Resolution |
| --------------------- | ---------------------------------------------------- |
| gh not found | Run eval "$(mise activate bash)" or mise install |
| 401 Unauthorized | Check GH_TOKEN is set and has PR write scope |
| 422 Validation failed | Branch may not exist on remote yet — push first |
| PR already exists | Use PATCH to update instead of POST to create |
Related Skills
nsheaps/github-app-session-env
tools
VerifiedTrustedCommunity
Manually reproduce what the github-app plugin's SessionStart hook does to make a GitHub App installation token usable in the current session — materialize the PEM, generate the token, isolate GH_CONFIG_DIR, write the runtime env file, and wire CLAUDE_ENV_FILE so every Bash call sees GH_TOKEN/GITHUB_TOKEN. Use when the hook did not run, the token is missing from the environment, or a shell/teammate needs the token wired up by hand. <example>GH_TOKEN isn't set even though github-app is configured</example> <example>the github-app SessionStart hook didn't run, set up the token manually</example> <example>wire the github app token into CLAUDE_ENV_FILE</example> <example>gh keeps falling back to the wrong account, isolate GH_CONFIG_DIR</example>
3SKILL.mdUpdated Jun 9, 2026
nsheaps/github-app-git-identity
tools
VerifiedTrustedCommunity
Manually configure the GitHub App bot git identity the way the github-app plugin's SessionStart hook does — resolve the app slug and bot user ID, build the <slug>[bot] name and noreply email, set GIT_AUTHOR_*/GIT_COMMITTER_* env vars, and write an isolated GIT_CONFIG_GLOBAL with the gh auth git-credential helper. Use when commits are attributed to the wrong account, "Author identity unknown" appears, or git identity must be set up by hand. <example>my commits are showing up as the handler, not the bot</example> <example>git says Author identity unknown after the github-app hook ran</example> <example>configure the github app bot git identity manually</example> <example>set up the gh credential helper for git push</example>
3SKILL.mdUpdated Jun 9, 2026
nsheaps/spec-management
tools
VerifiedTrustedCommunity
Manages spec files for requirements capture and validation
3SKILL.mdUpdated Jun 7, 2026
nsheaps/plugins/bash-command-rejection/skills/bash-chaining-alternatives
tools
VerifiedTrustedCommunity
# Bash Chaining Alternatives This skill teaches you how to work around the bash command chaining restriction enforced by this plugin. ## Why Chaining is Blocked The `bash-command-rejection` plugin blocks these operators: | Operator | Name | Why Blocked | | -------- | ---------- | ----------------------------------------------------------------------------------- | | `&&` | AND chain | Runs cmd2 only if cmd1 su
3SKILL.mdUpdated Jun 7, 2026