Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

NodeJSmith/cli-harden

Name: cli-harden
Author: NodeJSmith

skills-cli/cli-harden/SKILL.md

npx skillsauth add NodeJSmith/Claudefiles cli-harden

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Review CLI tools for resilience against edge cases, hostile inputs, and real-world operating conditions that break idealized assumptions.

Arguments

$ARGUMENTS — path to a CLI script or tool, or blank to target the current branch's changed files.

Phase 1: Discover

Identify what to harden:

If $ARGUMENTS names a file or directory, scope to that
Otherwise, find CLI scripts changed on this branch (git-branch-diff-files | grep -E '\.(sh|bash|py|ts|js)$')
If no files are found, stop and tell the user: "No CLI scripts found on this branch. Pass a file path as an argument (e.g., /cli-harden path/to/script.sh) or run on a branch with CLI file changes."
Read each file. For each, note: language, argument parsing method, output behavior, error handling approach

Phase 2: Assess

Read ${CLAUDE_HOME:-~/.claude}/skills/cli-harden/REFERENCE.md for the full set of hardening dimensions. If the file is not found, stop and tell the user: "REFERENCE.md not found — run uv run install.py to install the cli-* skills."

Evaluate each script against those dimensions. For each, note:

Solid — handles the concern adequately
Gap — missing or incomplete handling
Risk — active bug or failure mode under realistic conditions

Focus on gaps and risks. Don't enumerate what's already solid unless it's noteworthy.

Phase 3: Propose

Write out findings to the user, grouped by severity. For each finding: file and line, what the issue is, what the fix looks like.

Risks — will break under realistic conditions
Gaps — missing resilience that users will hit eventually
Improvements — nice-to-have hardening

Then confirm:

AskUserQuestion:
  question: "Here's what I found. How would you like to proceed?"
  header: "Confirm"
  options:
    - label: "Fix all"
      description: "Implement fixes for all risks and gaps."
    - label: "Risks only"
      description: "Fix only the active risks — skip gaps and improvements."
    - label: "Let me pick"
      description: "I'll choose which findings to address."
    - label: "Stop here"
      description: "Don't change anything. The assessment stands on its own."

If "Fix all" → implement all risks + gaps. If "Risks only" → implement risks only. If "Let me pick" → present findings individually for accept/reject. If "Stop here" → end.

Phase 4: Implement

Fix each accepted finding. After all changes:

Run existing tests if present — detect the runner (pytest for Python, go test for Go, npm test/jest/vitest for Node/TS, bats for shell). Use timeout 300 on all invocations.
Verify fixes don't break the happy path
Summarize changes made and suggest /mine.challenge if the scope was large

NodeJSmith/cli-harden

skills-cli/cli-harden/SKILL.md

Use when the user says: "harden this CLI", "CLI edge cases", "make this CLI resilient", "handle CLI errors", "CLI robustness". Review CLI tools for edge-case resilience and production readiness.

1 stars

tools

Updated May 8, 2026

$ install --global

skillsauth

npx skillsauth add NodeJSmith/Claudefiles cli-harden

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 8, 2026, 2:16 AM146.6s2 files scanned

SKILL.md

name:: cli-harden
description:: Use when the user says: "harden this CLI", "CLI edge cases", "make this CLI resilient", "handle CLI errors", "CLI robustness". Review CLI tools for edge-case resilience and production readiness.
user-invocable:: true

Review CLI tools for resilience against edge cases, hostile inputs, and real-world operating conditions that break idealized assumptions.

Arguments

$ARGUMENTS — path to a CLI script or tool, or blank to target the current branch's changed files.

Phase 1: Discover

Identify what to harden:

If $ARGUMENTS names a file or directory, scope to that
Otherwise, find CLI scripts changed on this branch (git-branch-diff-files | grep -E '\.(sh|bash|py|ts|js)$')
If no files are found, stop and tell the user: "No CLI scripts found on this branch. Pass a file path as an argument (e.g., /cli-harden path/to/script.sh) or run on a branch with CLI file changes."
Read each file. For each, note: language, argument parsing method, output behavior, error handling approach

Phase 2: Assess

Evaluate each script against those dimensions. For each, note:

Solid — handles the concern adequately
Gap — missing or incomplete handling
Risk — active bug or failure mode under realistic conditions

Focus on gaps and risks. Don't enumerate what's already solid unless it's noteworthy.

Phase 3: Propose

Write out findings to the user, grouped by severity. For each finding: file and line, what the issue is, what the fix looks like.

Risks — will break under realistic conditions
Gaps — missing resilience that users will hit eventually
Improvements — nice-to-have hardening

Then confirm:

AskUserQuestion:
  question: "Here's what I found. How would you like to proceed?"
  header: "Confirm"
  options:
    - label: "Fix all"
      description: "Implement fixes for all risks and gaps."
    - label: "Risks only"
      description: "Fix only the active risks — skip gaps and improvements."
    - label: "Let me pick"
      description: "I'll choose which findings to address."
    - label: "Stop here"
      description: "Don't change anything. The assessment stands on its own."

If "Fix all" → implement all risks + gaps. If "Risks only" → implement risks only. If "Let me pick" → present findings individually for accept/reject. If "Stop here" → end.

Phase 4: Implement

Fix each accepted finding. After all changes:

Run existing tests if present — detect the runner (pytest for Python, go test for Go, npm test/jest/vitest for Node/TS, bats for shell). Use timeout 300 on all invocations.
Verify fixes don't break the happy path
Summarize changes made and suggest /mine.challenge if the scope was large

Related Skills

NodeJSmith/mine.create-issue

development

VerifiedTrustedCommunity

Use when the user says: 'create an issue', 'file an issue', 'open an issue', 'write an issue', 'new issue for this'. Codebase-aware issue creation — investigates the code to produce well-structured issues with acceptance criteria, affected areas, and enough detail for automated triage.

1SKILL.mdUpdated May 28, 2026

NodeJSmith/mine.create-issue

NodeJSmith/mine.issues-triage

development

VerifiedTrustedCommunity

Use when the user says: 'triage issues', 'classify issues by complexity', 'assess issue complexity', 'find quick wins', 'which issues are small', 'batch issue assessment'. Batch codebase-aware issue triage — parallel Haiku subagents assess actual complexity and effort by reading the code, not just titles.

1SKILL.mdUpdated May 27, 2026

NodeJSmith/mine.issues-triage

NodeJSmith/mine.review

development

VerifiedTrustedCommunity

Use when the user says: "review my changes", "run the reviewers", "code and integration review", "readability review", "maintainability review", "sniff test this", "WTF check", "code smells", "is this code any good", "fresh eyes on this branch", "review this directory", "check this module". Dispatches three parallel reviewers — code, integration, and a readability pass — and consolidates findings into one prioritized report.

1SKILL.mdUpdated May 26, 2026

NodeJSmith/mine.review

NodeJSmith/mine.clean-code

development

VerifiedTrustedCommunity

Use when the user says: "clean code check", "style review", "LLM smell check", "code hygiene", "nitpick this", "style check", "find style sins", "nitpicker review", "anal retentive review", "exhaustive style review", "no-filter style report". Dispatches three parallel stylistic checkers — llm-checker (training-bias patterns), lazy-checker (deferred debt), and nitpicker (style hygiene) — and consolidates findings into a report organized by checker with a Summary section for orchestration consumption.

1SKILL.mdUpdated May 26, 2026

NodeJSmith/mine.clean-code

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/NodeJSmith/Claudefiles.git

# Copy into Claude Code skills folder (global)
cp -r Claudefiles/skills-cli/cli-harden ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

NodeJSmith/Claudefiles

1 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT