Use this skill when posting the final summary comment after all inline comments are posted. Apply as the LAST step of code review after all findings are classified and inline comments are complete. Detects context (agent mode sticky comment, GitHub Actions MCP tool, or local file) and routes output accordingly.
npx claudepluginhub bitwarden/ai-plugins --plugin bitwarden-code-reviewThis skill uses the workspace's default tool permissions.
Check contexts **in this order** — use the first match:
Generates ultra-compressed code review comments for PRs and diffs: one line per finding with location, problem, fix. Supports severity prefixes like bug, risk, nit.
Use this skill when posting inline comments to GitHub pull requests. Apply when formatting comments following Bitwarden engineering standards with severity emojis, clear explanations, and actionable suggestions. Use after findings are classified and ready to post. DO NOT USE when posting summary comments.
Monitors deployed URLs for regressions after deploys, merges, or upgrades by checking HTTP status, console errors, network failures, performance (LCP/CLS/INP), content, and API health.
Share bugs, ideas, or general feedback.
Check contexts in this order — use the first match:
| Context | How to Detect | Action |
|---|---|---|
| Agent Mode | Sticky comment context provided in prompt (comment ID + <!-- bitwarden-code-review --> marker) | Write summary to /tmp/review-summary.md |
| GitHub Actions (tag mode) | mcp__github_comment__update_claude_comment available AND no sticky comment context | Update sticky comment via MCP tool |
| Local review | Neither agent mode context nor MCP tool available | Write to review-summary.md in working directory |
FORBIDDEN: Do not use gh pr comment to create summary comments.
If PR title, description, or test plan is genuinely deficient, add as a finding in the Code Review Details collapsible section.
Genuinely deficient means:
Adequate (DO NOT flag):
- ❓ **QUESTION**: PR title could be more specific
- Suggested: "Fix null check in UserService.getProfile"
## 🤖 Bitwarden Claude Code Review
**Overall Assessment:** APPROVE / REQUEST CHANGES
[Up to 4 neutral sentences describing what was reviewed]
<details>
<summary>Code Review Details</summary>
[Findings grouped by severity - see ordering below]
[Optional PR Metadata Assessment - only for truly deficient metadata]
</details>
Ordering: Group findings by severity in this exact order:
Omit empty categories entirely.
Format per finding:
- [emoji]: [One-line description]
- `filename.ts:42`
Example:
<details>
<summary>Code Review Details</summary>
- ❌ : SQL injection in user query builder
- `src/auth/queries.ts:87`
- ⚠️ : Missing null check on optional config
- `src/config/loader.ts:23`
</details>
When sticky comment context is provided in the prompt (comment ID + marker):
/tmp/review-summary.md using the Write tool\n\n<!-- bitwarden-code-review --> at the end of the file contentmcp__github_comment__update_claude_commentgh pr comment or gh apiThe workflow post-step will read this file and update the placeholder comment automatically.
Use mcp__github_comment__update_claude_comment to update the sticky comment with the summary.
Write summary to review-summary.md in working directory.