원클릭으로 Manus에서 모든 스킬 실행

시작하기

$pwd:

coderabbit-review

Name: Coderabbit Review
Author: opendatahub-io

// Use when you need to evaluate CodeRabbit PR comments and fix or reply

Manus에서 실행

$ git log --oneline --stat

stars:30

forks:63

updated:2026년 5월 22일 00:26

SKILL.md

readonly

related-skills.json

같은 저장소

python-packaging-binary-audit.md

from "opendatahub-io/ai-helpers"

Scan a Python package repository for compiled/binary files using Fromager-style detection and malcontent YARA analysis, then triage findings with deterministic rules and AI reasoning to produce a structured risk report section.

2026-05-2930

python-packaging-git-audit.md

from "opendatahub-io/ai-helpers"

Inspect recent git history of a Python package repository for suspicious commits touching supply-chain-sensitive files, then triage findings with AI reasoning to produce a structured risk report section.

2026-05-2930

python-packaging-security-audit.md

from "opendatahub-io/ai-helpers"

Use this skill to evaluate the security of a Python package repository by orchestrating static analysis, binary scanning, and git history inspection sub-skills in parallel, then combining their results into a unified security report with a risk rating.

2026-05-2930

python-packaging-static-audit.md

from "opendatahub-io/ai-helpers"

Run hexora static analysis on a Python package repository to detect suspicious code patterns, then triage findings with deterministic rules and AI reasoning to produce a structured risk report section.

2026-05-2930

non-redhat-rpms.md

from "opendatahub-io/ai-helpers"

Use this skill to identify non-Red Hat RPM packages installed in container images or on the local machine. For containers, pulls images across multiple architectures and release tags; for local scans, inspects the host directly. Extracts RPM signing metadata and reports packages not signed with the Red Hat GPG key as CSV output. Use when auditing compliance, checking supply-chain provenance, or scanning for third-party RPMs in RHOAI component images.

2026-05-2830

github-sync-upstream.md

from "opendatahub-io/ai-helpers"

Sync code from an upstream GitHub repository into a target fork (e.g., opendatahub-io midstream). Detects remotes from the current repo, or clones fresh if run from outside. Fetches upstream, merges into a sync branch, restores protected files, resolves conflicts, and opens a PR to the target GitHub repo. Use when asked to sync upstream, merge upstream changes, or bring a GitHub fork up to date with its upstream source.

2026-05-2630

package.json

"author": "opendatahub-io"

"repository": "opendatahub-io/ai-helpers"

GitHub 저장소 열기 Creator 저장소 보기

$ install --global

$ download --local

Manus에서 실행

name	coderabbit-review
description	Use when you need to evaluate CodeRabbit PR comments and fix or reply
argument-hint	["pr-number"]
compatibility	Requires gh CLI.
allowed-tools	Bash(gh pr view:) Bash(gh repo view:) Bash(git remote:) Bash(git branch:) Bash(gh pr list:) Bash(gh api:) Bash(curl:) Bash(sha256sum:) Read Glob Grep Edit AskUserQuestion

CodeRabbit PR Review Handler

Fetch CodeRabbit comments from a GitHub PR, evaluate each one, and take action: apply a code fix or post a reply.

PR: $ARGUMENTS

Step 1: Resolve the PR and Repository

Determine the owner, repo, and pullNumber:

If $ARGUMENTS is a PR number, use it directly.
Otherwise, detect the PR from the current branch using gh pr view or gh pr list.
Use gh repo view --json owner,name to get the upstream coordinates. If that fails (e.g., no default remote set), fall back to parsing git remote -v to identify the upstream GitHub repository.
The repo may be a fork with multiple remotes. Do not assume names like upstream/origin. Prefer repo coordinates from PR metadata (gh pr view --json), then gh repo view, then git remote -v. If multiple candidates remain, ask the user.
If you cannot determine the PR automatically, ask the user.

Step 2: Fetch CodeRabbit Comments

Inline review comments (CodeRabbit's line-level suggestions):

gh api --paginate repos/<owner>/<repo>/pulls/<pullNumber>/comments

PR-level comments (CodeRabbit's summary/walkthrough):

gh api --paginate repos/<owner>/<repo>/issues/<pullNumber>/comments

Filter both lists to only comments where user.login equals coderabbitai[bot].

For PR-level comments, skip any comment whose body contains  or <!-- This is an auto-generated comment: review in progress — these are CodeRabbit's walkthrough/summary posts, not actionable review feedback.

For inline comments, skip any comment that belongs to a resolved review thread (check the pull_request_review_id against resolved threads, or look for the "resolved": true marker if available).

If no actionable CodeRabbit comments are found, report that and exit.

Step 3: Evaluate Each Comment

For each CodeRabbit comment, analyze it carefully by reading the relevant source file(s).

For inline comments: use the path field to read the file with the Read tool. Use line or original_line to find the exact code location. The diff_hunk field shows the surrounding context.

Evaluate:

Category: classify as one of:
- bug — actual code defect or logic error
- security — security vulnerability
- performance — inefficiency or resource issue
- style — formatting, naming, readability
- docs — missing or incorrect documentation/comments
- nitpick — minor preference, not a real issue
- question — CodeRabbit is asking for clarification
Validity: does the comment point to a real issue?
- valid — yes, should be addressed
- debatable — reasonable disagreement exists
- invalid — the code is correct and CodeRabbit is wrong
Recommended action:
- fix — the code should be changed; generate the fix
- reply — explain why the code is correct, or acknowledge and defer
- dismiss — noise; briefly acknowledge and move on

Step 4: Present Summary and Batch Decision

Show a summary table first:

CodeRabbit Comments on PR #

#	File	Line	Category	Validity	Recommended Action	Summary
1	src/foo.ts	42	bug	valid	fix	"Variable x may be undefined"
2	src/bar.ts	10	nitpick	debatable	reply	"Use const here"

Then show the full evaluation for each comment (bugs and security first, then performance, then others):

Comment #N — [Category] — [File:Line or PR-level]

CodeRabbit says:

[exact quote]

Context (relevant code snippet):

[code from the file at that location]

Assessment: [Your evaluation: why valid/invalid, what the actual issue is]

Proposed action: fix | reply | dismiss

[If fix: show the exact code diff to apply]

[If reply or dismiss: show the draft reply text]

After presenting ALL comments, wait for the user to respond. The user may want to:

Discuss — ask questions, understand a comment better, debate whether it's valid. Act as a knowledgeable colleague: explain the trade-offs, share context, help them form their own opinion. Stay in this discussion mode as long as the user is engaging. Do NOT push toward action or present menus while the user is still exploring.
Act — when the user indicates they're ready (e.g., "let's fix these", "go ahead", "apply #1 and #3"), proceed with the requested actions.
Decide per-comment — if the user wants to go through comments one by one, walk through each and ask what to do.

When the user is ready to act, the available actions per comment are:

Apply fix — apply the code change (only when a fix is proposed)
Post reply — post the draft reply to the PR
Edit & post — let the user adjust the reply text first, then post
Skip — do nothing with this comment

Critical rule: Never apply fixes or post replies without explicit user approval. If unsure whether the user wants to act or keep discussing, keep discussing.

Step 5: Execute Actions

For "Apply fix":

If the fix involves externally-sourced values (SHA256 hashes, version strings, URLs suggested by CodeRabbit), verify them independently before applying:
- For checksums: download the artifact and run sha256sum to confirm
- For version/URL claims: fetch only from known allowlisted HTTPS domains (e.g., github.com, pypi.org); reject localhost, link-local, and private IP ranges. Use hardened curl flags: --proto '=https' --tlsv1.2 --fail --location --max-time 15 --connect-timeout 5
- CodeRabbit uses web search internally and can return incorrect values
Apply the change using the Edit tool
Show a confirmation of what changed

For "Post reply" (inline review comment):

gh api -X POST repos/<owner>/<repo>/pulls/<pullNumber>/comments/<commentId>/replies -f body="<reply text>"

For "Post reply" (PR-level comment):

gh api -X POST repos/<owner>/<repo>/issues/<pullNumber>/comments -f body="<reply text>"

For "Edit & post": Use AskUserQuestion to ask the user to provide their edited reply text, then post it using the appropriate gh api call above.

For "Skip": Move on.

Step 6: Summary

After all comments are processed, output: