CtrlK
BlogDocsLog inGet started
Tessl Logo

coderabbit-security-basics

Configure CodeRabbit for security-focused code review with secret detection and vulnerability scanning. Use when setting up security review rules, configuring secret detection in PRs, or hardening CodeRabbit configuration for compliance requirements. Trigger with phrases like "coderabbit security", "coderabbit secrets", "secure coderabbit", "coderabbit vulnerability detection", "coderabbit security review".

67

Quality

82%

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Advisory

Suggest reviewing before use

SKILL.md
Quality
Evals
Security

Quality

Content

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This skill provides highly actionable, concrete security configuration for CodeRabbit with real-world patterns and executable code. Its main weaknesses are verbosity (the inline YAML is extensive and could benefit from splitting into referenced files) and the lack of explicit validation checkpoints in the workflow—particularly important given the security context where misconfiguration could create a false sense of security.

Suggestions

Add an explicit validation step after configuration: e.g., 'Create a test PR with a mock hardcoded secret to verify CodeRabbit flags it before relying on this setup in production.'

Split the detailed path_instructions examples into a separate reference file (e.g., SECURITY_RULES.md) and keep only the global '**' rule and one domain-specific example inline.

Remove the overview paragraph explaining what CodeRabbit's AI can do—Claude already knows this from the skill description and context.

DimensionReasoningScore

Conciseness

The overview section explains what CodeRabbit's AI can do and why, which is somewhat unnecessary context. The security coverage table adds informational value but isn't directly actionable. The path_instructions YAML is long but mostly earns its place as reference configuration. Some trimming possible (e.g., the prerequisites, the overview paragraph).

2 / 3

Actionability

Provides fully executable, copy-paste ready YAML configuration, a complete GitHub Actions workflow for secret scanning, a working Python audit script, and concrete CodeRabbit comment examples for training learnings. All code is complete and specific with real patterns (AWS keys, GitHub PATs, etc.).

3 / 3

Workflow Clarity

Steps are numbered and sequenced (configure → integrate CI → train learnings → audit), but there are no explicit validation checkpoints between steps. The audit script in Step 4 serves as a post-hoc validation but isn't woven into the workflow as a 'validate before proceeding' gate. For a security-focused skill involving potentially destructive merge-blocking configuration, explicit verification steps (e.g., 'test with a dummy PR containing a mock secret') are missing.

2 / 3

Progressive Disclosure

The content is well-structured with clear sections and headers, but it's quite long (~200+ lines of configuration inline) with no bundle files to offload detail. The security coverage table, detailed path_instructions for each code area, and the full CI workflow could be split into referenced files. The 'Next Steps' reference to 'coderabbit-prod-checklist' is good but the referenced resource doesn't exist in the bundle.

2 / 3

Total

9

/

12

Passed

Description

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a well-crafted skill description that excels across all dimensions. It clearly specifies what the skill does (configure CodeRabbit for security review), when to use it (security rules, secret detection, compliance hardening), and provides explicit trigger phrases. The narrow focus on CodeRabbit security configuration makes it highly distinctive and unlikely to conflict with other skills.

DimensionReasoningScore

Specificity

Lists multiple specific concrete actions: 'Configure CodeRabbit', 'security-focused code review', 'secret detection', 'vulnerability scanning'. These are clear, actionable capabilities.

3 / 3

Completeness

Clearly answers both 'what' (configure CodeRabbit for security-focused code review with secret detection and vulnerability scanning) and 'when' (setting up security review rules, configuring secret detection in PRs, hardening CodeRabbit configuration for compliance). Explicit 'Use when' and 'Trigger with' clauses are present.

3 / 3

Trigger Term Quality

Excellent coverage of natural trigger terms including 'coderabbit security', 'coderabbit secrets', 'secure coderabbit', 'coderabbit vulnerability detection', 'coderabbit security review'. Also includes natural phrases like 'secret detection in PRs' and 'compliance requirements'.

3 / 3

Distinctiveness Conflict Risk

Highly distinctive with a clear niche: CodeRabbit + security configuration. The combination of a specific tool (CodeRabbit) with a specific domain (security/secret detection/vulnerability scanning) makes it very unlikely to conflict with other skills.

3 / 3

Total

12

/

12

Passed

Validation

81%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation9 / 11 Passed

Validation for skill structure

CriteriaDescriptionResult

allowed_tools_field

'allowed-tools' contains unusual tool name(s)

Warning

frontmatter_unknown_keys

Unknown frontmatter key(s) found; consider removing or moving to metadata

Warning

Total

9

/

11

Passed

Repository
jeremylongshore/claude-code-plugins-plus-skills
Reviewed

Table of Contents

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.