alexei-led/writing-shell
src/skills/writing-shell/SKILL.md
Idiomatic shell development for POSIX sh, Bash, Zsh, Fish, hooks, CI shell steps, and scriptable CLI glue. Use when writing or changing `.sh`, `.bash`, `.zsh`, `.fish`, `.bats`, shell functions, shell pipelines, or command-runner recipes. Emphasizes portability, quoting, safe filesystem/process handling, non-TUI CLI tools, ShellCheck, shfmt, Bats, and ShellSpec. NOT for Python, TypeScript, Go, web code, or infrastructure operations.
$ install --global
skillsauthnpx skillsauth add alexei-led/claude-code-config writing-shellInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 5, 2026, 3:41 AM53.6s4 files scanned
SKILL.md
- name:
- writing-shell
Shell Development
Scope
- Use for shell scripts, hooks, CI shell blocks, command pipelines, and local automation glue.
- Do not use for cloud, Kubernetes, Terraform, host, or network operations; use
operating-infra. - Do not use for application logic that belongs in Python, Go, TypeScript, or another project language.
Read references
- Read patterns.md before non-trivial scripts or pipelines.
- Read tools.md when choosing external CLI tools or parsing structured data.
- Read testing.md before adding or changing shell tests or quality gates.
Defaults
- Follow the existing shebang, shell, style, and project tooling first.
- For new portable scripts, use POSIX
shwhen the logic is simple; use Bash when arrays,pipefail, regex, or richer functions are needed. - Use Zsh or Fish only for existing files or explicit user intent. Keep Fish/Zsh config separate from portable scripts.
- Do not rely on the agent's current shell. Put the intended shell in the shebang or invoke it explicitly in tests.
- Prefer small shell scripts that call stable tools. Move complex data modeling or business logic to a real language.
Core rules
- Quote expansions unless word splitting is intentional and documented by structure.
- Avoid
eval,curl | sh, parsingls, unguarded globbing, and unsaferm/mv/cppaths. - Use arrays for arguments in Bash; use newline/NUL-safe loops for filenames.
- Use
mktempplus cleanup traps for temporary files and directories. - Check required external commands when a script depends on them. Do not install tools silently.
- Account for macOS/BSD versus GNU flag differences when writing portable scripts.
- Prefer machine-readable output from tools, then parse it with structured parsers.
- Use
looking-up-docsfor exact external CLI flags, syntax, or version behavior; do not guess from memory.
Verification
Run the project-configured shell gates. Prefer:
- formatting:
shfmt - linting:
shellcheck;checkbashismsfor POSIXsh - tests: Bats for Bash-heavy projects; ShellSpec for POSIX or multi-shell behavior
- security/policy: Semgrep shell rules when the script handles secrets, downloads, deletion, or user-controlled input
If a tool is unavailable or unconfigured, state the gap and run the closest available check. If a check fails, quote the diagnostic, fix the cause, and rerun the relevant check.
Final response
Include:
- changed files
- shell target used: POSIX sh, Bash, Zsh, or Fish
- checks run and results
- checks skipped with reasons
- remaining portability or safety risks
Related Skills
alexei-led/spec-flow
tools
VerifiedTrustedCommunity
Use when planning, executing, checkpointing, finishing, or inspecting lightweight spec-driven work. Runs one task at a time using `.spec/` markdown files and the bundled `specctl` helper. NOT for broad product discovery beyond a short requirement interview.
33SKILL.mdUpdated Jun 5, 2026
alexei-led/operating-infra
testing
VerifiedTrustedCommunity
Author, inspect, troubleshoot, and review infrastructure across IaC, Kubernetes, cloud resources, containers, CI/CD, and Linux hosts. Use when changing Terraform/OpenTofu, Kubernetes, Helm, Kustomize, Dockerfiles, GitHub Actions, AWS, GCP, Cloud Run, BigQuery, IAM, logs, instances, or service health. NOT for deploy/apply/rollback workflows (see deploying-infra). NOT for shell scripts or generic command pipelines (see writing-shell).
33SKILL.mdUpdated Jun 5, 2026
alexei-led/configuring-git-hygiene
development
VerifiedTrustedCommunity
Configure safe git workflow hygiene: pre-commit/pre-push hooks, Gitleaks secret scanning, .gitignore rules, local git config, and guardrails. Use when setting up git hooks, gitleaks/git leaks, staged pre-commit checks, pre-push validation, core.hooksPath, .gitignore, or git config best practices. NOT for creating commits (use committing-code), cleaning branches/worktrees (use cleanup-git), or creating worktrees (use using-git-worktrees).
33SKILL.mdUpdated Jun 5, 2026
alexei-led/browser-automation
tools
VerifiedTrustedCommunity
Browser automation for rendered UI exploration, validation, screenshots, recordings, and end-to-end flows. Use when a task needs an actual browser or rendered DOM: inspect UI state, click/fill forms, debug frontend behavior, capture evidence, verify a feature, or run/generate browser tests. NOT for API checks or pure logic tests where curl, unit tests, or JSDOM is cheaper.
33SKILL.mdUpdated Jun 5, 2026