coderabbit-webhooks-events
Implement CodeRabbit webhook signature validation and event handling. Use when setting up webhook endpoints, implementing signature verification, or handling CodeRabbit event notifications securely. Trigger with phrases like "coderabbit webhook", "coderabbit events", "coderabbit webhook signature", "handle coderabbit events", "coderabbit notifications".
80
77%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Passed
No known issues
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/saas-packs/coderabbit-pack/skills/coderabbit-webhooks-events/SKILL.mdQuality
Discovery
89%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a solid skill description with clear 'what' and 'when' clauses, explicit trigger terms, and a highly distinctive niche around CodeRabbit webhooks. The main weakness is that the capability listing could be more granular—specifying concrete actions like HMAC verification, payload parsing, or event routing would strengthen specificity.
Suggestions
Expand the capability list with more concrete actions, e.g., 'verify HMAC-SHA256 signatures, parse webhook payloads, route events by type, return appropriate HTTP status codes'.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Names the domain (CodeRabbit webhooks) and some actions (signature validation, event handling), but doesn't list multiple concrete actions in detail—e.g., it doesn't specify parsing payloads, verifying HMAC signatures, routing event types, or returning proper HTTP responses. | 2 / 3 |
Completeness | Clearly answers both 'what' (implement webhook signature validation and event handling) and 'when' (setting up webhook endpoints, implementing signature verification, handling event notifications), with explicit trigger phrases provided. | 3 / 3 |
Trigger Term Quality | Includes a well-curated list of natural trigger phrases like 'coderabbit webhook', 'coderabbit events', 'coderabbit webhook signature', 'handle coderabbit events', and 'coderabbit notifications'. These are terms a user would naturally use when needing this skill. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive due to the specific 'CodeRabbit' product name and the narrow focus on webhook signature validation and event handling. Very unlikely to conflict with other skills. | 3 / 3 |
Total | 11 / 12 Passed |
Implementation
64%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
The skill provides solid, actionable TypeScript code for handling CodeRabbit webhook events with proper signature validation. Its main weaknesses are moderate verbosity (explanatory sections, redundant inline comments, an 'Output' section that restates the content), and missing validation/verification checkpoints in the workflow. The code quality is high but the surrounding structure could be leaner and include explicit testing steps.
Suggestions
Remove the 'Output' section (it just restates what the code does), trim the 'Overview' to one line or remove it, and remove obvious inline comments like '# 256 bytes' and '# HTTP 200 OK'.
Add a validation step between Steps 1 and 2, such as 'Test with a curl command to verify signature validation works before adding event routing logic'.
Consider extracting the error handling table and .coderabbit.yaml configuration into separate referenced files to improve progressive disclosure.
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The skill includes some unnecessary elements like the 'Overview' section explaining what CodeRabbit is, the 'Prerequisites' section with obvious items, the 'Output' section restating what was already shown, and inline comments like '# 256 bytes' and '# HTTP 401 Unauthorized' that add no value. The event types table and error handling table are useful but the overall content could be tightened. | 2 / 3 |
Actionability | The skill provides fully executable TypeScript code for webhook signature validation, event routing, and review processing. The YAML configuration is concrete and copy-paste ready. Code examples are complete and specific with real patterns (timingSafeEqual, HMAC verification, event filtering by sender login). | 3 / 3 |
Workflow Clarity | Steps are clearly numbered and sequenced (configure receiver → filter events → process results → configure behavior), but there are no validation checkpoints or feedback loops. For a webhook integration involving signature verification and event processing, there should be explicit testing/verification steps (e.g., 'send a test webhook and verify the signature check works') before deploying. | 2 / 3 |
Progressive Disclosure | The content is structured with clear sections and tables, but it's somewhat monolithic — the full implementation code is inline rather than being split into referenced files. The 'Next Steps' reference to 'coderabbit-deploy-integration' is good but there are no bundle files to support progressive disclosure. The error handling table and configuration could be separate reference files. | 2 / 3 |
Total | 9 / 12 Passed |
Validation
81%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 9 / 11 Passed
Validation for skill structure
| Criteria | Description | Result |
|---|---|---|
allowed_tools_field | 'allowed-tools' contains unusual tool name(s) | Warning |
frontmatter_unknown_keys | Unknown frontmatter key(s) found; consider removing or moving to metadata | Warning |
Total | 9 / 11 Passed | |
- Commit
3a2d27d
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.