coderabbit-webhooks-events

Implement CodeRabbit webhook signature validation and event handling. Use when setting up webhook endpoints, implementing signature verification, or handling CodeRabbit event notifications securely. Trigger with phrases like "coderabbit webhook", "coderabbit events", "coderabbit webhook signature", "handle coderabbit events", "coderabbit notifications".

Quality

77%

Does it follow best practices?

Impact

—

No eval scenarios have been run

Securityby

Passed

No known issues

Fix and improve this skill with Tessl

tessl review fix ./plugins/saas-packs/coderabbit-pack/skills/coderabbit-webhooks-events/SKILL.md

Quality

Content

64%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

The skill provides solid, actionable TypeScript code for handling CodeRabbit webhook events with proper signature validation and event routing. Its main weaknesses are the lack of validation/testing checkpoints in the workflow, some unnecessary verbosity (Output section, Prerequisites, explanatory comments), and a factual error in the inline comment about signature length. The content would benefit from trimming redundant sections and adding explicit verification steps.

Suggestions

Add a validation/testing step after the webhook receiver setup, e.g., 'Test with: curl -X POST with a computed HMAC signature to verify the endpoint accepts valid signatures and rejects invalid ones'

Remove the 'Output' section (it just restates what the code does) and trim the 'Overview' and 'Prerequisites' sections to reduce token usage

Fix the incorrect inline comment '# 256 bytes' on the signature header line—x-hub-signature-256 refers to SHA-256, not 256 bytes

Dimension	Reasoning	Score
Conciseness	The skill includes some unnecessary elements like the 'Overview' section explaining what CodeRabbit is, the 'Prerequisites' section listing things Claude would know to check, the 'Output' section restating what the code already shows, and inline comments like '# 256 bytes' (incorrect—it's the hash algorithm, not byte count) and '# HTTP 401 Unauthorized'. However, the core code examples are reasonably tight.	2 / 3
Actionability	The skill provides fully executable TypeScript code for webhook signature validation, event routing, and review processing. The YAML configuration is concrete and copy-paste ready. Code examples are complete and specific with real GitHub webhook header names and payload structures.	3 / 3
Workflow Clarity	Steps are clearly sequenced (configure receiver → filter events → process results → configure behavior), but there are no validation checkpoints or feedback loops. For a webhook integration involving signature verification and event processing, there should be explicit testing/verification steps (e.g., 'send a test webhook and verify signature validation works') before deploying.	2 / 3
Progressive Disclosure	The content is structured with clear sections and a table of event types, but it's somewhat monolithic—the error handling table, metrics tracking example, and configuration could be split into referenced files. The reference to 'coderabbit-deploy-integration' in Next Steps is good but there are no bundle files to support progressive disclosure. The inline content is heavy for a single SKILL.md.	2 / 3
	Total	9 / 12 Passed

Description

89%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is a solid description with excellent completeness and distinctiveness due to the specific CodeRabbit domain focus. It includes explicit 'Use when' and 'Trigger with' clauses with natural keywords. The main weakness is that the capability listing could be more granular—specifying concrete actions like HMAC verification, payload parsing, or event routing would strengthen specificity.

Suggestions

Add more concrete actions to the first sentence, e.g., 'Implement HMAC-SHA256 signature verification, parse webhook payloads, and route CodeRabbit event types (review completed, comment added, etc.)'

Dimension	Reasoning	Score
Specificity	Names the domain (CodeRabbit webhooks) and some actions (signature validation, event handling), but doesn't list multiple concrete actions in detail—e.g., it doesn't specify parsing payloads, verifying HMAC signatures, routing event types, etc.	2 / 3
Completeness	Clearly answers both 'what' (implement webhook signature validation and event handling) and 'when' (explicit 'Use when...' clause with trigger scenarios and a 'Trigger with phrases like...' section).	3 / 3
Trigger Term Quality	Includes a well-curated list of natural trigger phrases users would actually say: 'coderabbit webhook', 'coderabbit events', 'coderabbit webhook signature', 'handle coderabbit events', 'coderabbit notifications'. These cover common variations effectively.	3 / 3
Distinctiveness Conflict Risk	Highly distinctive—CodeRabbit is a specific product, and the combination of webhook signature validation and CodeRabbit event handling creates a clear niche that is very unlikely to conflict with other skills.	3 / 3
	Total	11 / 12 Passed

Validation

81%

Warnings & errors only

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation — 9 / 11 Passed

Validation for skill structure

Criteria	Description	Result
allowed_tools_field	'allowed-tools' contains unusual tool name(s)	Warning
frontmatter_unknown_keys	Unknown frontmatter key(s) found; consider removing or moving to metadata	Warning

	Total	9 / 11 Passed

Repository: jeremylongshore/claude-code-plugins-plus-skills
Commit: 02d6341

Reviewed: about 19 hours ago

Table of Contents

Discovery Implementation Validation

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.