paulrberg/coderabbit
skills/coderabbit/SKILL.md
This skill should be used when the user asks to "triage coderabbit", "check coderabbit comments", "analyze coderabbit review", "fetch coderabbit findings", "coderabbit PR", "review coderabbit suggestions", "run coderabbit review", "coderabbit review", "review with coderabbit", or mentions analyzing CodeRabbit PR comments or running CodeRabbit CLI review locally.
$ install --global
skillsauthnpx skillsauth add paulrberg/agent-skills coderabbitInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 18, 2026, 5:41 AM13.7s3 files scanned
SKILL.md
- argument-hint:
- [<pr-number|pr-url>] [--local [--base <branch>] [--type <type>]]
- disable-model-invocation:
- false
- name:
- coderabbit
- user-invocable:
- true
- description:
- This skill should be used when the user asks to "triage coderabbit", "check coderabbit comments", "analyze coderabbit review", "fetch coderabbit findings", "coderabbit PR", "review coderabbit suggestions", "run coderabbit review", "coderabbit review", "review with coderabbit", or mentions analyzing CodeRabbit PR comments or running CodeRabbit CLI review locally.
CodeRabbit Review Triage
Fetch and analyze CodeRabbit review comments from a GitHub PR, or run a local CodeRabbit CLI review. Default mode fetches from the remote PR. Use --local to run the CLI against local diffs.
Arguments
Parse $ARGUMENTS for:
<pr-number>— integer PR number<pr-url>— GitHub PR URL (e.g.,https://github.com/owner/repo/pull/123), extract the PR number from the path--local— switch to local review mode (see below)
Mode Dispatch
If $ARGUMENTS contains --local, strip it and forward remaining arguments to references/local-review.md. Follow that workflow instead of continuing here. All flags after --local (--base, --base-commit, --type, --config) are forwarded to the local workflow.
Otherwise, continue with the PR comment analysis workflow below.
Prerequisites
Run these checks in order. Stop at the first failure.
1) GitHub CLI Authenticated
gh auth status
If not authenticated, stop and tell the user to run gh auth login.
2) Detect Repository
gh repo view --json owner,name --jq '"\(.owner.login)/\(.name)"'
Store the result as {owner}/{repo}.
3) Resolve PR Number
- If a PR number was provided as an argument, use it directly.
- If a PR URL was provided, extract the number from the URL path.
- If neither was provided, auto-detect from the current branch:
gh pr view --json number --jq '.number' 2>/dev/null
If auto-detection fails, stop: "No open PR found for the current branch. Provide a PR number or URL, or use --local for local review."
4) Validate PR
gh pr view {pr_number} --json state,url --jq '"\(.state) \(.url)"'
If the command fails, the PR does not exist. Report and stop. Otherwise, note the state (OPEN/MERGED/CLOSED) and URL for the report scope section.
Workflow
1) Fetch CodeRabbit Comments
Fetch from three GitHub API endpoints, filtering for the CodeRabbit bot. Use --paginate for large PRs. The bot's login is coderabbitai but may appear as coderabbitai[bot], so match with startswith.
Walkthrough/summary comments (issue comments where CodeRabbit posts its walkthrough):
gh api "repos/{owner}/{repo}/issues/{pr_number}/comments" \
--paginate \
--jq '[.[] | select(.user.login | startswith("coderabbitai"))]'
Review objects (top-level review body and state):
gh api "repos/{owner}/{repo}/pulls/{pr_number}/reviews" \
--paginate \
--jq '[.[] | select(.user.login | startswith("coderabbitai"))]'
Inline review comments (file-level comments with path and line info):
gh api "repos/{owner}/{repo}/pulls/{pr_number}/comments" \
--paginate \
--jq '[.[] | select(.user.login | startswith("coderabbitai"))]'
If no CodeRabbit comments are found across all three endpoints, report "No CodeRabbit review found on PR #{pr_number}" and stop.
2) Parse Comments into Findings
Process the raw API responses into a normalized list of findings:
- From inline comments (
pulls/{pr}/comments): Each comment becomes a finding withpath(from.path),line(from.lineor.original_line),body(the comment text),diff_hunk(surrounding context), andsource: "inline". These are the primary source of actionable findings. - From review bodies (
pulls/{pr}/reviews): Parse each review'sbodyfor actionable items. Extract individual suggestions. Marksource: "review". - From issue comments (
issues/{pr}/comments): Parse for file-level summaries and actionable items within the walkthrough. Marksource: "walkthrough".
Inline comments are the primary source of actionable findings. Review summaries and walkthrough comments provide context and may surface additional actionable items not tied to specific lines.
3) Triage Findings
Load references/triage.md and follow the shared triage process — categorize, classify, confirm ambiguous, generate fix plan, and report.
Stop Conditions
Stop and ask for direction when:
ghCLI is not authenticated.- The PR does not exist or is not accessible.
- No CodeRabbit comments found on the PR.
- Auto-detection fails and no PR number was provided.
- A finding requires architectural changes beyond the PR's scope.
- Classification confidence is low for code on critical paths (auth, payments, data integrity).
Related Skills
paulrberg/debrief
development
VerifiedTrustedCommunity
This skill should be used when the user asks to "debrief", "debrief this task", "debrief the session", "save findings", "save analysis", "save this as a report", "create an HTML report from the transcript", or wants to persist the current task's findings as a self-contained interactive HTML playground at `./.ai/reports/<slug>/index.html`. Flag: --md emits a plain Markdown report at `./.ai/reports/<slug>/index.md` and skips the playground dependency.
62SKILL.mdUpdated May 10, 2026
paulrberg/yeet
documentation
VerifiedTrustedCommunity
This skill should be used when the user asks to create or update a GitHub PR, file or update an issue, post a comment, or start a discussion. Trigger phrases include "create PR", "open PR", "file an issue", "update issue", "yeet a PR/issue/discussion", "comment on an issue".
62SKILL.mdUpdated Apr 18, 2026
paulrberg/evm-chains
development
VerifiedTrustedCommunity
This skill should be used when the user asks to resolve an EVM chain name or chain ID; find chain metadata such as a default public RPC, native currency symbol, or block explorer URL; determine whether a chain is supported by RouteMesh; or read on-chain account data for any EVM chain — "check ETH balance", "query ERC-20 balance", "get wallet balance", "check token holdings", "fetch NFT transfers", "ERC-721 or ERC-1155 transfer history", "transaction history", "find first funding transaction", "trace fund origin", "who funded this address", "query Etherscan", "query Blockscout", or "look up a chain on Chainscout". It routes each data query through Etherscan API V2 (preferred) or the Blockscout/Chainscout APIs (fallback for chains Etherscan doesn't serve), with direct JSON-RPC as a last resort. Also use it for chain resolution before fetching data from or interacting with an EVM chain.
62SKILL.mdUpdated Apr 18, 2026
paulrberg/commit
development
VerifiedTrustedCommunity
This skill should be used when the user asks to commit changes, craft a commit message, or run a commit workflow. Creates atomic git commits with conventional-commit formatting and optional deep analysis or push. Flags: --all, --deep, --close, --push.
62SKILL.mdUpdated Apr 18, 2026