semgrep-coderabbit
Installation
SKILL.md
Semgrep + CodeRabbit Review
Two-stage code review: fast deterministic pattern detection first, then semantic AI analysis. Order is non-negotiable.
NEVER
- Never run CodeRabbit before Semgrep passes — Semgrep failures are blockers, not suggestions.
- Never skip re-running both tools after fixes — fixes can introduce new issues.
- Never treat LOW findings as blocking — they are optional polish.
- Never do more than 3 review cycles on the same PR — if still failing after 3, break the PR into smaller pieces.
- Never context-switch between issue types mid-fix — batch similar issues together.
Execution Order
Stage 1: Semgrep (10-20 seconds)
└─ FAIL → fix ALL violations → re-run until PASS
└─ PASS → proceed to Stage 2