Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

afaneor/strict-python-mode

Name: strict-python-mode
Author: afaneor

{{cookiecutter.project_name}}/.claude/skills/strict-python-mode/SKILL.md

npx skillsauth add afaneor/fastapi-docker-boilerplate strict-python-mode

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Strict Python Mode

Core Principles

When writing Python code in this project, ALWAYS follow these rules:

Type hints are mandatory
- Every function parameter must have a type hint
- Every function must have a return type annotation
- Use from collections.abc import for generic types (list, dict, set)
- Never use Any type - if type is unknown, use object or create proper Protocol
Docstrings are required
- Every public function/method needs a docstring
- Use Google-style docstrings format
- Include Args, Returns, Raises sections
Modern Python syntax (3.12+)
- Use list[str] instead of List[str] from typing
- Use dict[str, int] instead of Dict[str, int]
- Use X | None instead of Optional[X]
- Use X | Y for Union types

Code Quality Checks

Before finishing ANY code changes, run these checks:

# 1. Format with Ruff
poetry run ruff format .

# 2. Lint with Ruff
poetry run ruff check . --fix

# 3. Type check with mypy (if available)
poetry run mypy app/ --ignore-missing-imports

Example: Good vs Bad

❌ Bad (will be rejected)

def get_user(id):
    user = db.get(id)
    return user

✅ Good (approved)

def get_user(user_id: int) -> User | None:
    """Fetch user by ID from database.
    
    Args:
        user_id: The unique identifier of the user
        
    Returns:
        User object if found, None otherwise
        
    Raises:
        DatabaseError: If database connection fails
    """
    user = db.get(user_id)
    return user

FastAPI-Specific Rules

Endpoint Signatures

# Always use dependency injection
@router.get("/users/{user_id}")
async def get_user(
    user_id: int,
    db: DatabaseSession = Depends(get_db),
    current_user: User = Depends(get_current_user),
) -> UserResponse:
    """Get user by ID."""
    ...

Response Models

# Always define explicit response models
class UserResponse(BaseModel):
    id: int
    username: str
    email: EmailStr
    created_at: datetime

    class Config:
        from_attributes = True

Validation Rules

Before ANY commit:

All new functions have type hints
All public functions have docstrings
Ruff format passes with no changes needed
Ruff check passes with no errors
If mypy is available, it passes with no errors

If any check fails, FIX IT before showing me the code.

afaneor/strict-python-mode

{{cookiecutter.project_name}}/.claude/skills/strict-python-mode/SKILL.md

Enforces type hints, docstrings, and Python best practices. Use when writing or refactoring Python code, creating new functions, or when user mentions "production-ready" or "type-safe" code.

75 stars

development

Updated Mar 30, 2026

$ install --global

skillsauth

npx skillsauth add afaneor/fastapi-docker-boilerplate strict-python-mode

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 1, 2026, 1:32 AM59.7s1 file scanned

SKILL.md

name:: strict-python-mode
description:: Enforces type hints, docstrings, and Python best practices. Use when writing or refactoring Python code, creating new functions, or when user mentions "production-ready" or "type-safe" code.
allowed-tools:: Edit, Write, Read, Bash(ruff:*, mypy:*)

Strict Python Mode

Core Principles

When writing Python code in this project, ALWAYS follow these rules:

Type hints are mandatory
- Every function parameter must have a type hint
- Every function must have a return type annotation
- Use from collections.abc import for generic types (list, dict, set)
- Never use Any type - if type is unknown, use object or create proper Protocol
Docstrings are required
- Every public function/method needs a docstring
- Use Google-style docstrings format
- Include Args, Returns, Raises sections
Modern Python syntax (3.12+)
- Use list[str] instead of List[str] from typing
- Use dict[str, int] instead of Dict[str, int]
- Use X | None instead of Optional[X]
- Use X | Y for Union types

Code Quality Checks

Before finishing ANY code changes, run these checks:

# 1. Format with Ruff
poetry run ruff format .

# 2. Lint with Ruff
poetry run ruff check . --fix

# 3. Type check with mypy (if available)
poetry run mypy app/ --ignore-missing-imports

Example: Good vs Bad

❌ Bad (will be rejected)

def get_user(id):
    user = db.get(id)
    return user

✅ Good (approved)

def get_user(user_id: int) -> User | None:
    """Fetch user by ID from database.
    
    Args:
        user_id: The unique identifier of the user
        
    Returns:
        User object if found, None otherwise
        
    Raises:
        DatabaseError: If database connection fails
    """
    user = db.get(user_id)
    return user

FastAPI-Specific Rules

Endpoint Signatures

# Always use dependency injection
@router.get("/users/{user_id}")
async def get_user(
    user_id: int,
    db: DatabaseSession = Depends(get_db),
    current_user: User = Depends(get_current_user),
) -> UserResponse:
    """Get user by ID."""
    ...

Response Models

# Always define explicit response models
class UserResponse(BaseModel):
    id: int
    username: str
    email: EmailStr
    created_at: datetime

    class Config:
        from_attributes = True

Validation Rules

Before ANY commit:

All new functions have type hints
All public functions have docstrings
Ruff format passes with no changes needed
Ruff check passes with no errors
If mypy is available, it passes with no errors

If any check fails, FIX IT before showing me the code.

Related Skills

afaneor/secret-scanner

development

VerifiedTrustedCommunity

Detects API keys, passwords, and secrets in code before they reach git. Use before commits, when working with credentials, or when user mentions "security check" or "secrets".

75SKILL.mdUpdated Mar 30, 2026

afaneor/secret-scanner

afaneor/code-quality-gate

development

VerifiedTrustedCommunity

Automated code quality checks before commits. Use before committing code, when finishing a feature, or when user mentions "ready to commit" or "quality check".

75SKILL.mdUpdated Mar 30, 2026

afaneor/code-quality-gate

openclaw/openclaw-secret-scanning-maintainer

development

VerifiedTrustedCommunity

Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.

357,764SKILL.mdUpdated Apr 15, 2026

openclaw/openclaw-secret-scanning-maintainer

openclaw/openclaw-release-maintainer

development

VerifiedTrustedCommunity

Maintainer workflow for OpenClaw releases, prereleases, changelog release notes, and publish validation. Use when Codex needs to prepare or verify stable or beta release steps, align version naming, assemble release notes, check release auth requirements, or validate publish-time commands and artifacts.

357,764SKILL.mdUpdated Apr 10, 2026

openclaw/openclaw-release-maintainer

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/afaneor/fastapi-docker-boilerplate.git

# Copy into Claude Code skills folder (global)
cp -r fastapi-docker-boilerplate/{{cookiecutter.project_name}}/.claude/skills/strict-python-mode ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

afaneor/fastapi-docker-boilerplate

75 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT