Skip to content

Avoid Claude code-review skill collision#20

Open
coderabbitai[bot] wants to merge 1 commit into
mainfrom
coderabbit/avoid-claude-code-review-collision
Open

Avoid Claude code-review skill collision#20
coderabbitai[bot] wants to merge 1 commit into
mainfrom
coderabbit/avoid-claude-code-review-collision

Conversation

@coderabbitai

@coderabbitai coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown

Summary

  • Rename the portable review skill metadata from code-review to coderabbit-review.
  • Narrow the skill trigger wording to explicit CodeRabbit review requests.
  • Update README examples and the changelog so install guidance matches the new explicit trigger behavior.

Evidence And Reasoning

Zillow reported in Pylon issue 25315 that the Claude Code plugin skill declares name: code-review, which collides with Claude Code CLI v2.1.205's built-in /code-review command. The report also called out the existing description text, Default code-review skill and autonomous trigger language, as causing plain-language review requests to route to CodeRabbit when the user intended Claude Code's built-in reviewer.

The current main branch reproduced that metadata exactly in skills/code-review/SKILL.md. Renaming the skill metadata to coderabbit-review removes the bare code-review name collision, and narrowing the description/examples to explicit CodeRabbit requests reduces unintended natural-language activation.

This is a static plugin/skill metadata issue, not a backend runtime incident, so service observability was not the decisive evidence. Linear search found adjacent skills-distribution work but no duplicate issue for this specific Claude Code command collision.

Confidence: high. The changed metadata directly removes the reported colliding name and trigger language. Remaining release/distribution timing depends on the normal plugin publishing path.

Validation

  • git diff --check
  • jq empty .claude-plugin/plugin.json .cursor-plugin/plugin.json
  • Read-only frontmatter sanity check confirmed skills/code-review/SKILL.md now exposes coderabbit-review.
  • Repo search found no remaining name: code-review, Default code-review, or autonomously wording in the touched docs/skill files.

Final Prompt

Automation execution profile: CODEX_WORKSPACE.
Treat the following as an operational task for the current automation run, not as a request to create, update, preview, review, or explain an automation.

  • Do not create or modify automations as part of this phase.
  • Do not emit automation_proposal or automation_action_proposal in a live automation run.
  • Do not talk about automation setup, scheduling, confirmation UI, sample-run requirements, or draft previews.
  • Ignore earlier automation-authoring, preview, and review messages in this thread. They are historical setup context, not instructions for this live run.
  • The automation runtime has already created the current run thread when this phase starts. Do not create a second top-level channel message or a second run thread.
  • If the task refers to the top of the new run thread or to the original post or message, it means the Slack message the automation runtime already created for this run.
  • Carry out only the current phase below, then stop. Do not implement later phases yourself.
  • If this run already has a live automation-owned status card, update that existing card in place with an automation_status_card. Do not emit a preview card, draft card, or alternative control surface.
  • If this run does not already have a live automation-owned status card, do not emit automation_status_card. Return only the visible thread reply.
  • When a prompt-driven action says to update the original post, original message, or status card, your final output for this phase must include an automation_status_card that reflects that requested end state before you stop.
  • When the runtime already created or updated the live root status card for this phase, do not add a redundant acknowledgement reply such as 'thread is live' or 'status card updated'.
  • When the live root status card already presents the initial choices or status for this run, do not add a separate introductory thread reply that only restates those controls. Treat the root card as the initial UX for that phase.
  • For the main visible Slack message in this automation run, do not call actor-slack, post_message, a user token, or any other user-scoped Slack action.
  • Return the exact Slack message as your normal final output instead. The automation runtime will deliver that output with the bot identity according to this automation's saved delivery mode.
  • Use actor-scoped Slack actions only when the saved task explicitly asks for a separate user-scoped side action beyond the main automation message.
  • When the task only asks you to post message text, do not return an acknowledgement such as 'Posted hi bot testing'. Return the message text itself.
  • When opening a pull request, include at the end of the PR body.
  • This run was triggered by a webhook event.
  • The automation runtime already applied the saved event type and payload field rules before starting this run. Do not re-check whether the webhook should qualify.
  • Use the webhook payload below as live runtime input. Do not treat it as an example or preview artifact.

Webhook event context:

  • Provider: pylon
  • Connection ID: 088327ac-c674-4b81-9e21-dd928f75b2d5
  • Event type: pylon.issue.created
  • Channel ID: C0B1AFCP40J
  • Payload JSON: {"event_type":"pylon.issue.created","source":"pylon","issue":{"id":"6b2d2b1a-ef88-4c8a-b7b4-b228a4f87019","link":"https://app.usepylon.com/issues?issueNumber=25315","body":"hey <@CodeRabbit Support> small request on the code review skill in claude","account":{"id":"ca8d6dc7-0da9-4d94-9bc0-0db94845e12a","name":"Zillow"},"assignee":"Tim Perry"}}

Task:
Triage this customer support event like a senior support engineer.

Use the ticket details to identify the customer, product area, urgency, impact, and what the customer is trying to do. Classify the issue as one of: product bug, customer confusion, missing documentation, pricing or billing question, account or permissions issue, integration setup issue, or unknown.

If this looks answerable from documentation or known product behavior, check the relevant docs or knowledge base connections and draft a clear customer-facing answer.

If this looks like a product bug, investigate it like a production issue. Check observability and infrastructure connections for matching errors, latency, saturation, traffic shifts, dependency failures, and trace examples. Compare the alert window with recent deploys, config changes, and commits. Check issue tracking and docs and knowledge connections for similar issues/postmortems in the past and see how they were addressed and whether any useful information exists to help debug or resolve the current issue. If you can figure out what the code fix is based on the evidence, then open a PR with the fix. Make sure the pr description includes all the evidence and reasoning about why this PR will fix the issue and your confidence level in the fix working.

Return:

  • classification
  • customer impact and urgency
  • what the customer is asking or reporting
  • confirmed facts
  • likely cause
  • recommended customer response
  • internal next action
  • missing information, if any

Additionally, ensure the final response formatting is visually consistent. All section headers and subsection headers (for example: classification, customer impact and urgency, confirmed facts, likely cause, etc.) must always be bolded consistently in both the returned output and the private note formatting posted to Pylon.

Also post the whole analysis as private note on the pylon ticket that triggered this message using the bot/service-account Pylon connection. Do not use a personal Pylon API token.

If the issue is classified as a billing question, skip the workflow entirely and post only this private note on the Pylon ticket that triggered this message using the bot/service-account Pylon connection: "Skipping CodeRabbit bot analysis since this is a billing-related issue."

Final Plan

Classification
Product bug.

Customer Impact And Urgency
Zillow enterprise customer. Urgency is medium/low: Pylon marks it low / P2 medium, with no escalation. Impact is a Claude Code plugin UX defect: CodeRabbit can collide with Claude Code’s built-in /code-review and route review requests unexpectedly.

What The Customer Is Asking Or Reporting
Sergei reported that coderabbitai/skills v1.1.1 declares the review skill as name: code-review, colliding with Claude Code CLI v2.1.205’s built-in /code-review. He asked us to rename or narrow the skill trigger behavior.

Confirmed Facts

  • The full ticket details are in Pylon issue 25315.
  • coderabbitai/skills main reproduced the reported metadata.
  • Opened fix PR: Avoid Claude code-review skill collision #20
  • Posted the full analysis as a private Pylon note and verified it is private.

Likely Cause
The skill used a generic host-level name plus broad “default/autonomous” trigger wording, creating ambiguity with Claude Code’s built-in review command.

Recommended Customer Response
“Thanks for the detailed report, Sergei. We reproduced the collision and opened a fix to rename the CodeRabbit skill metadata to coderabbit-review and narrow activation to explicit CodeRabbit requests. Until that ships through the plugin/skills distribution path, your local SKILL.md edit is the right workaround, but reinstalling can still revert it.”

Internal Next Action
Review/merge coderabbitai/skills#20, then republish the relevant Claude plugin / skills distribution so Zillow receives the fix on reinstall.

Missing Information
Need maintainer confirmation that no downstream installer depends on the old code-review frontmatter name, plus release/marketplace propagation timing.

Change Digest

  • 🛠️ skills/code-review/SKILL.md +7/-7
  • 🛠️ README.md +12/-12
  • 🛠️ CHANGELOG.md +3/-0

Validation
git diff --check, JSON manifest validation with jq, frontmatter sanity check, and stale wording search all passed.

Initiative Context

Summary by CodeRabbit

  • Documentation
    • Updated guidance and examples to use clearer CodeRabbit-specific review prompts.
    • Renamed the available review skill label to coderabbit-review.
    • Refined trigger phrases so the skill activates only for explicit CodeRabbit review requests, reducing confusion with other built-in review commands.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Author

Review Change Stack

📝 Walkthrough

Walkthrough

This PR renames the code-review skill's identifier to coderabbit-review and updates its trigger wording to explicitly require CodeRabbit-related phrasing, avoiding collisions with host-agent built-in code-review commands. The SKILL.md frontmatter and "When to Use" section were updated accordingly. README.md was revised to reflect the renamed skill in the Quickstart instruction, Usage examples, Available Skills section heading and triggers list, and a new note under Claude Code plugin components. CHANGELOG.md documents this rename and trigger change under Unreleased → Changed.

Poem

A rabbit hopped through skill and doc,
renamed "code-review" with a tick-tock knock 🐰
Now "coderabbit-review" is the name we say,
triggers sharpened to keep confusion away.
Changelog updated, README refined —
hop hop hooray, the rename's aligned! 🥕

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly describes the main change: resolving the Claude Code review-skill naming collision.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note

CodeRabbit posted this review as a comment because GitHub doesn't allow pull request authors to request changes on their own pull requests.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@skills/code-review/SKILL.md`:
- Line 27: Remove the bare review trigger phrase from the skill guidance in
SKILL.md so only the explicit review invocation remains; update the wording near
the review trigger text to avoid matching generic CLI usage, keeping the
instructions aligned with the explicit-review-only scope.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: f58dcde7-5777-4e23-be8a-4b9385d3d203

📥 Commits

Reviewing files that changed from the base of the PR and between 2fd091d and d9b34b7.

📒 Files selected for processing (3)
  • CHANGELOG.md
  • README.md
  • skills/code-review/SKILL.md
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • coderabbitai/bitbucket (manual)
📜 Review details
⚠️ CI failures not shown inline (2)

GitHub Actions: Required approver / verify: Avoid Claude code-review skill collision

Conclusion: failure

View job details

##[group]Run set -euo pipefail
 �[36;1mset -euo pipefail�[0m
 �[36;1m�[0m
 �[36;1mowner="${REPOSITORY%%/*}"�[0m
 �[36;1mrepo="${REPOSITORY#*/}"�[0m
 �[36;1m�[0m
 �[36;1mresponse="$(�[0m
 �[36;1m  gh api graphql \�[0m
 �[36;1m    -f owner="$owner" \�[0m
 �[36;1m    -f repo="$repo" \�[0m
 �[36;1m    -F number="$PR_NUMBER" \�[0m
 �[36;1m    -f query='�[0m
 �[36;1m      query($owner: String!, $repo: String!, $number: Int!) {�[0m
 �[36;1m        repository(owner: $owner, name: $repo) {�[0m
 �[36;1m          pullRequest(number: $number) {�[0m
 �[36;1m            isDraft�[0m
 �[36;1m            reviews(last: 100) {�[0m
 �[36;1m              nodes {�[0m
 �[36;1m                author {�[0m
 �[36;1m                  login�[0m
 �[36;1m                }�[0m
 �[36;1m                commit {�[0m
 �[36;1m                  oid�[0m
 �[36;1m                }�[0m
 �[36;1m                state�[0m
 �[36;1m                submittedAt�[0m
 �[36;1m              }�[0m
 �[36;1m            }�[0m
 �[36;1m          }�[0m
 �[36;1m        }�[0m
 �[36;1m      }�[0m
 �[36;1m    '�[0m
 �[36;1m)"�[0m
 �[36;1m�[0m
 �[36;1mis_draft="$(jq -r '.data.repository.pullRequest.isDraft' <<<"$response")"�[0m
 �[36;1mif [[ "$is_draft" == "true" ]]; then�[0m
 �[36;1m  echo "Draft PRs cannot merge; approver gate will run when ready for review."�[0m
 �[36;1m  exit 0�[0m
 �[36;1mfi�[0m
 �[36;1m�[0m
 �[36;1mapproved_by="$(�[0m
 �[36;1m  jq -r \�[0m
 �[36;1m    --arg head "$HEAD_SHA" \�[0m
 �[36;1m    --argjson approvers "$(jq -Rc 'split(",")' <<<"$REQUIRED_APPROVERS")" \�[0m
 �[36;1m    '�[0m
 �[36;1m      .data.repository.pullRequest.reviews.nodes�[0m
 �[36;1m      | map(select((.author.login // "") as $login | $approvers | index($login)))�[0m
 �[36;1m      | sort_by(.author.login)�[0m
 �[36;1m      | group_by(.author.login)�[0m
 �[36;1m      | map(max_by(.submittedAt))�[0m
 �[36;1m      | map(select(.state == "APPROVED" and .commit.oid == $head))�[0m
 �[36;1m      | first.author.login // empty�[0m
 �[36;1m    ...

GitHub Actions: Required approver / 0_verify.txt: Avoid Claude code-review skill collision

Conclusion: failure

View job details

##[group]Run set -euo pipefail
 �[36;1mset -euo pipefail�[0m
 �[36;1m�[0m
 �[36;1mowner="${REPOSITORY%%/*}"�[0m
 �[36;1mrepo="${REPOSITORY#*/}"�[0m
 �[36;1m�[0m
 �[36;1mresponse="$(�[0m
 �[36;1m  gh api graphql \�[0m
 �[36;1m    -f owner="$owner" \�[0m
 �[36;1m    -f repo="$repo" \�[0m
 �[36;1m    -F number="$PR_NUMBER" \�[0m
 �[36;1m    -f query='�[0m
 �[36;1m      query($owner: String!, $repo: String!, $number: Int!) {�[0m
 �[36;1m        repository(owner: $owner, name: $repo) {�[0m
 �[36;1m          pullRequest(number: $number) {�[0m
 �[36;1m            isDraft�[0m
 �[36;1m            reviews(last: 100) {�[0m
 �[36;1m              nodes {�[0m
 �[36;1m                author {�[0m
 �[36;1m                  login�[0m
 �[36;1m                }�[0m
 �[36;1m                commit {�[0m
 �[36;1m                  oid�[0m
 �[36;1m                }�[0m
 �[36;1m                state�[0m
 �[36;1m                submittedAt�[0m
 �[36;1m              }�[0m
 �[36;1m            }�[0m
 �[36;1m          }�[0m
 �[36;1m        }�[0m
 �[36;1m      }�[0m
 �[36;1m    '�[0m
 �[36;1m)"�[0m
 �[36;1m�[0m
 �[36;1mis_draft="$(jq -r '.data.repository.pullRequest.isDraft' <<<"$response")"�[0m
 �[36;1mif [[ "$is_draft" == "true" ]]; then�[0m
 �[36;1m  echo "Draft PRs cannot merge; approver gate will run when ready for review."�[0m
 �[36;1m  exit 0�[0m
 �[36;1mfi�[0m
 �[36;1m�[0m
 �[36;1mapproved_by="$(�[0m
 �[36;1m  jq -r \�[0m
 �[36;1m    --arg head "$HEAD_SHA" \�[0m
 �[36;1m    --argjson approvers "$(jq -Rc 'split(",")' <<<"$REQUIRED_APPROVERS")" \�[0m
 �[36;1m    '�[0m
 �[36;1m      .data.repository.pullRequest.reviews.nodes�[0m
 �[36;1m      | map(select((.author.login // "") as $login | $approvers | index($login)))�[0m
 �[36;1m      | sort_by(.author.login)�[0m
 �[36;1m      | group_by(.author.login)�[0m
 �[36;1m      | map(max_by(.submittedAt))�[0m
 �[36;1m      | map(select(.state == "APPROVED" and .commit.oid == $head))�[0m
 �[36;1m      | first.author.login // empty�[0m
 �[36;1m    ...
🧰 Additional context used
🪛 SkillSpector (2.3.7)
skills/code-review/SKILL.md

[warning] 80: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))


[warning] 82: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))


[warning] 83: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))


[warning] 84: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))


[warning] 80: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))


[warning] 82: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))


[warning] 83: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))


[warning] 84: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))

🔇 Additional comments (4)
README.md (2)

105-105: Covered by the trigger-scope issue in skills/code-review/SKILL.md; these examples still advertise the same broad command phrase.

Also applies to: 179-179


22-22: LGTM!

Also applies to: 166-166, 218-219

skills/code-review/SKILL.md (1)

2-3: LGTM!

CHANGELOG.md (1)

17-19: LGTM!

- Use CodeRabbit to check code quality, bugs, or security issues
- Use CodeRabbit for PR feedback or pull request review
- Ask CodeRabbit what's wrong with code or changes
- Run coderabbit / Use coderabbit

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail
sed -n '1,120p' skills/code-review/SKILL.md | cat -n

Repository: coderabbitai/skills

Length of output: 5281


🏁 Script executed:

#!/bin/bash
set -euo pipefail
rg -n "Run coderabbit|Use coderabbit|coderabbit review|explicitly asks CodeRabbit" skills

Repository: coderabbitai/skills

Length of output: 573


Remove the bare Run coderabbit trigger. skills/code-review/SKILL.md:27 still includes a phrase broad enough to match non-review CLI usage, which conflicts with the explicit-review-only scope in the surrounding text.

🧰 Tools
🪛 SkillSpector (2.3.7)

[warning] 80: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))


[warning] 82: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))


[warning] 83: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))


[warning] 84: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@skills/code-review/SKILL.md` at line 27, Remove the bare review trigger
phrase from the skill guidance in SKILL.md so only the explicit review
invocation remains; update the wording near the review trigger text to avoid
matching generic CLI usage, keeping the instructions aligned with the
explicit-review-only scope.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants