aeondave/design-before-implementation
knowledge/design-before-implementation/SKILL.md
Use before creative or multi-file implementation work: new features, behavior changes, refactors, new skills, offensive tooling workflows, exploit chains, research pipelines, or architecture decisions. Clarifies intent, scope, alternatives, constraints, success criteria, and non-goals before coding or executing.
$ install --global
skillsauthnpx skillsauth add aeondave/malskill design-before-implementationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 5, 2026, 4:12 AM128.1s2 files scanned
SKILL.md
- name:
- design-before-implementation
- description:
- Use before creative or multi-file implementation work: new features, behavior changes, refactors, new skills, offensive tooling workflows, exploit chains, research pipelines, or architecture decisions. Clarifies intent, scope, alternatives, constraints, success criteria, and non-goals before coding or executing.
- license:
- MIT
- compatibility:
- Agent workflow guidance for coding, skill curation, and authorized security work.
- author:
- AeonDave
- version:
- 1.0
Design Before Implementation
Do not optimize the wrong plan. A short design prevents long rework.
Hard gate
Before implementation, produce a design summary and get explicit or clearly implied approval unless the user gave exact step-by-step instructions or the change is a trivial single-edit fix.
Design workflow
- Context scan: inspect current structure, conventions, and constraints.
- Scope check: split work that contains independent subsystems or targets.
- Clarify intent: ask only the missing questions that affect design, safety, or data integrity.
- Options: present 2-3 viable approaches with tradeoffs and a recommendation.
- Design summary: architecture, data/control flow, touched areas, testing, risks, non-goals.
- Review gate: resolve ambiguity, TODOs, contradictions, and scope creep before planning.
Offensive and research focus
- Restate scope, allowed actions, noise/destructive limits, and evidence requirements.
- Prefer the smallest viable technique chain before expanding tooling.
- Separate reconnaissance, exploitability, tooling, validation, and reporting decisions.
- Stop when verification would require access or actions outside the approved boundary.
Output shape
- Goal: one sentence.
- Non-goals: what this will not do.
- Approach: recommended option and why.
- Interfaces/artifacts: files, commands, reports, APIs, or evidence outputs.
- Validation: how success and failure will be proven.
- Open questions: only blockers or meaningful tradeoffs.
Resources
Load on demand:
references/design-gates.md— spec review checklist and common design failure modes.
Related Skills
aeondave/vibe-audit-technique
development
VerifiedTrustedCommunity
White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).
4SKILL.mdUpdated Jun 12, 2026
aeondave/source-review-technique
development
VerifiedTrustedCommunity
Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.
4SKILL.mdUpdated Jun 12, 2026
aeondave/hardware-technique
development
VerifiedTrustedCommunity
Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.
4SKILL.mdUpdated Jun 12, 2026
aeondave/container-technique
devops
VerifiedTrustedCommunity
Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.
4SKILL.mdUpdated Jun 12, 2026