Skill

coderabbit-review

Evaluates CodeRabbit comments on GitHub PRs: classifies as bug/security/performance/style/docs, validates issues, then applies fixes or replies.

Git

Bash

git-workflow

code-quality

npx claudepluginhub opendatahub-io/ai-helpers --plugin odh-ai-helpers

Tool Access

This skill is limited to using the following tools:

Bash(gh pr view:*) Bash(gh repo view:*) Bash(git remote:*) Bash(git branch:*) Bash(gh pr list:*) Bash(gh api:*) Bash(curl:*) Bash(sha256sum:*) Read Glob Grep Edit AskUserQuestion

Preview

Fetch CodeRabbit comments from a GitHub PR, evaluate each one, and take action: apply a code fix or post a reply.

SKILL.md

Similar Skills

coderabbit

Fetches and triages CodeRabbit review comments from GitHub PRs via GitHub CLI or runs local CodeRabbit CLI reviews on diffs. Ideal for analyzing PR feedback.

2 files

paulrberg-agent-skills

autofix

Fetches unresolved CodeRabbit review comments from GitHub PRs and auto-fixes them interactively or in batch using GitHub CLI and git.

1 file

coderabbit

github-pr-review

Resolves GitHub PR review comments: fetches via GitHub CLI and API, classifies by severity, filters new feedback, applies fixes with confirmation, commits changes, and replies to threads.

2 files

skill-authoring

Stats

Parent Repo Stars21

Parent Repo Forks41

Last CommitMar 30, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

CodeRabbit PR Review Handler

Fetch CodeRabbit comments from a GitHub PR, evaluate each one, and take action: apply a code fix or post a reply.

PR: $ARGUMENTS

Step 1: Resolve the PR and Repository

Determine the owner, repo, and pullNumber:

If $ARGUMENTS is a PR number, use it directly.
Otherwise, detect the PR from the current branch using gh pr view or gh pr list.
Use gh repo view --json owner,name to get the upstream coordinates. If that fails (e.g., no default remote set), fall back to parsing git remote -v to identify the upstream GitHub repository.
The repo may be a fork with multiple remotes. Do not assume names like upstream/origin. Prefer repo coordinates from PR metadata (gh pr view --json), then gh repo view, then git remote -v. If multiple candidates remain, ask the user.
If you cannot determine the PR automatically, ask the user.

Step 2: Fetch CodeRabbit Comments

Inline review comments (CodeRabbit's line-level suggestions):

gh api --paginate repos/<owner>/<repo>/pulls/<pullNumber>/comments

PR-level comments (CodeRabbit's summary/walkthrough):

gh api --paginate repos/<owner>/<repo>/issues/<pullNumber>/comments

Filter both lists to only comments where user.login equals coderabbitai[bot].

For PR-level comments, skip any comment whose body contains  or <!-- This is an auto-generated comment: review in progress — these are CodeRabbit's walkthrough/summary posts, not actionable review feedback.

For inline comments, skip any comment that belongs to a resolved review thread (check the pull_request_review_id against resolved threads, or look for the "resolved": true marker if available).

If no actionable CodeRabbit comments are found, report that and exit.

Step 3: Evaluate Each Comment

For each CodeRabbit comment, analyze it carefully by reading the relevant source file(s).

For inline comments: use the path field to read the file with the Read tool. Use line or original_line to find the exact code location. The diff_hunk field shows the surrounding context.

Evaluate:

Category: classify as one of:
- bug — actual code defect or logic error
- security — security vulnerability
- performance — inefficiency or resource issue
- style — formatting, naming, readability
- docs — missing or incorrect documentation/comments
- nitpick — minor preference, not a real issue
- question — CodeRabbit is asking for clarification
Validity: does the comment point to a real issue?
- valid — yes, should be addressed
- debatable — reasonable disagreement exists
- invalid — the code is correct and CodeRabbit is wrong
Recommended action:
- fix — the code should be changed; generate the fix
- reply — explain why the code is correct, or acknowledge and defer
- dismiss — noise; briefly acknowledge and move on

Step 4: Present Summary and Batch Decision

Show a summary table first:

CodeRabbit Comments on PR #

#	File	Line	Category	Validity	Recommended Action	Summary
1	src/foo.ts	42	bug	valid	fix	"Variable x may be undefined"
2	src/bar.ts	10	nitpick	debatable	reply	"Consider using const here"

Then show the full evaluation for each comment (bugs and security first, then performance, then others):

Comment #N — [Category] — [File:Line or PR-level]

CodeRabbit says:

[exact quote]

Context (relevant code snippet):

[code from the file at that location]

Assessment: [Your evaluation: why valid/invalid, what the actual issue is]

Proposed action: fix | reply | dismiss

[If fix: show the exact code diff to apply]

[If reply or dismiss: show the draft reply text]

After presenting ALL comments, wait for the user to respond. The user may want to:

Discuss — ask questions, understand a comment better, debate whether it's valid. Act as a knowledgeable colleague: explain the trade-offs, share context, help them form their own opinion. Stay in this discussion mode as long as the user is engaging. Do NOT push toward action or present menus while the user is still exploring.
Act — when the user indicates they're ready (e.g., "let's fix these", "go ahead", "apply #1 and #3"), proceed with the requested actions.
Decide per-comment — if the user wants to go through comments one by one, walk through each and ask what to do.

When the user is ready to act, the available actions per comment are:

Apply fix — apply the code change (only when a fix is proposed)
Post reply — post the draft reply to the PR
Edit & post — let the user adjust the reply text first, then post
Skip — do nothing with this comment

Critical rule: Never apply fixes or post replies without explicit user approval. If unsure whether the user wants to act or keep discussing, keep discussing.

Step 5: Execute Actions

For "Apply fix":

If the fix involves externally-sourced values (SHA256 hashes, version strings, URLs suggested by CodeRabbit), verify them independently before applying:
- For checksums: download the artifact and run sha256sum to confirm
- For version/URL claims: fetch only from known allowlisted HTTPS domains (e.g., github.com, pypi.org); reject localhost, link-local, and private IP ranges. Use hardened curl flags: --proto '=https' --tlsv1.2 --fail --location --max-time 15 --connect-timeout 5
- CodeRabbit uses web search internally and can return incorrect values
Apply the change using the Edit tool
Show a confirmation of what changed

For "Post reply" (inline review comment):

gh api -X POST repos/<owner>/<repo>/pulls/<pullNumber>/comments/<commentId>/replies -f body="<reply text>"

For "Post reply" (PR-level comment):

gh api -X POST repos/<owner>/<repo>/issues/<pullNumber>/comments -f body="<reply text>"

For "Edit & post": Use AskUserQuestion to ask the user to provide their edited reply text, then post it using the appropriate gh api call above.

For "Skip": Move on.

Step 6: Summary

After all comments are processed, output:

CodeRabbit Review — Done

Actions taken:

Fixed: N comment(s) — code changes applied
Replied: N comment(s) — replies posted to PR
Dismissed: N comment(s) — brief acknowledgements posted
Skipped: N comment(s)

Next steps:

If code was changed: do NOT lump all changes into a single generic commit. Group related changes into separate logical commits, each with a message that explains why the change was made (not just "address CodeRabbit feedback"). Unrelated fixes from different CodeRabbit comments should be separate commits. Push to the PR head branch (fork or same-repo, whichever feeds the PR). Use gh pr view --json headRefName,headRepositoryOwner plus git remote -v and git branch -a to confirm destination before pushing.
If only replies were posted: CodeRabbit may re-evaluate on re-review trigger

Notes

CodeRabbit bot login is exactly coderabbitai[bot] — filter by this
For inline review comments: key fields are id, path, line, original_line, diff_hunk, body
For PR-level comments: key fields are id, body, user.login
Be professional and concise in replies — acknowledge valid points, politely explain disagreements
For nitpicks: "Thanks, noted — will address in a cleanup pass" is often the right reply
NEVER post a reply or edit a file without explicit user approval