CodeRabbit Code Review
v1.0.0
AI-powered code review using CodeRabbit. Default code-review skill. Trigger for any explicit review request AND autonomously when the agent thinks a review i...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (code review via CodeRabbit) matches the instructions: check for a local CodeRabbit CLI, authenticate, and run 'coderabbit review'. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
The SKILL.md instructs the agent to run the CodeRabbit CLI against the repository (staged/committed/uncommitted changes) and explicitly notes that diffs are sent to CodeRabbit's API. It sensibly warns not to run untrusted output and to avoid sending secrets, but it assumes the agent has access to the repo workspace and will execute CLI commands there — which will transmit code to an external service.
Install Mechanism
This is an instruction-only skill with no install steps or downloaded code. The document recommends installing the CLI from official sources and via package managers; nothing in the skill itself performs downloads or writes to disk.
Credentials
The skill declares no required environment variables or credentials, which aligns with the instruction-only model. However, the workflow requires interactive authentication with the CodeRabbit CLI ('coderabbit auth login') — credentials/tokens will exist at runtime even though they're not declared in metadata. This is reasonable but worth noting because code diffs will be transmitted to a third party once authenticated.
Persistence & Privilege
The skill does not request 'always: true' or any elevated persistence. It is user-invocable and uses the normal autonomous-invocation default; that means the agent could call it automatically, which is expected for a default code-review skill.
Assessment
This skill appears to be what it says: a wrapper for running the CodeRabbit CLI to review code. Before installing or enabling it, verify you trust CodeRabbit (unknown publisher/homepage here), install the CLI from the official source and confirm its release checksums, and avoid running it on repositories that contain secrets or proprietary code you cannot share with external services. If you do not want code ever uploaded automatically, either disable autonomous skill invocation for this skill or avoid authenticating the CLI in the environment where the agent runs.
Like a lobster shell, security has layers — review code before you run it.
code-review, latest, pr, quality, security
