macieklamberski/formatting
skills/formatting/SKILL.md
Code formatting and style rules not handled by auto-formatters (Biome/Prettier). Use when writing or modifying code files. Covers function declarations, exports, types, comments, JSX, and naming conventions.
$ install --global
skillsauthnpx skillsauth add macieklamberski/kvalita formattingInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 26, 2026, 1:13 PM73.8s1 file scanned
SKILL.md
- name:
- formatting
- description:
- Code formatting and style rules not handled by auto-formatters (Biome/Prettier). Use when writing or modifying code files. Covers function declarations, exports, types, comments, JSX, and naming conventions.
Code Formatting Rules
Style guide for code formatting decisions not handled by auto-formatters (Biome/Prettier).
1. Function Declaration Style
Use arrow functions with explicit types:
// Correct
export const functionName: FunctionType = (params) => {}
// Avoid
export function functionName(params): ReturnType {}
2. Export Patterns
Named exports only - no default exports:
// Correct
export const processData = () => {}
export type DataType = {}
// Avoid
export default processData
3. Early Returns
Use early returns for validation:
export const processData = (input) => {
// Early return for validation.
if (!isValid(input)) {
return
}
const result = {
property1: transform(input.field1),
property2: transform(input.field2),
}
return cleanObject(result)
}
4. Type Definitions
Use types over interfaces:
// Correct
export type User = {
name?: string
}
// Avoid
export interface User {
name?: string
}
Use namespaces for related types:
export namespace UserModule {
export type Profile = {
bio: string
}
}
Generic types:
export type Record<TDate extends DateLike> = {
createdAt?: TDate
}
Union types for flexible required fields:
export type Document = {
title?: string
content?: string
} & ({ title: string } | { content: string })
5. File Structure
Standard file order:
- Import statements
- Type definitions or exported functions
- Helper functions
- Main exported functions
6. Curly Braces
Always use curly braces for arrow functions:
// Correct
export const fn = (value) => {
return value != null
}
// Even for single expressions
export const fn = (value) => {
return processValue(value)
}
Important: This rule can be ignored if similar code near this fragment uses different formatting (eg. no curly braces). This is more for newly created code.
7. Variable Naming
Use full words - avoid abbreviations and shorthands:
// Correct
const error = new Error()
const length = array.length
const value = getValue()
// Avoid
const err = new Error()
const len = array.length
const val = getValue()
Function name prefixes:
parse*for parsing operationsgenerate*for generation operationsget*/fetch*for retrieval operationsis*/has*for boolean checksvalidate*for validation operations
8. Comments
Write comments as sentences:
// This is a proper sentence with capitalization and punctuation.
const value = process()
Place comments above the subject:
// Correct
// Calculate the total value.
const total = sum(values)
// Avoid
const total = sum(values) // Calculate the total value.
Exception - inline comments for arrays, properties, types:
const apiUrls = {
production: [
'https://api.example.com/v1', // Primary endpoint.
'https://api.example.com/v2',
],
}
export type User = {
name?: string // The user's display name.
}
Use JSDoc sparingly - avoid creating full API references:
// Correct - minimal JSDoc
/** @deprecated Use `updatedProperty` instead. */
legacyProperty?: string
/** @internal */
export type InternalConfig = {}
// Avoid - excessive documentation
/**
* Processes the input data and returns result
* @param input - The data to process
* @returns The processed result or undefined
* @example
* const result = processData({ name: 'John' })
*/
export const processData = (input) => {}
9. Array Type Syntax
Use Array<T> generic syntax, not T[] shorthand:
// Correct
const items: Array<string> = []
export type Record = { tags: Array<Tag> }
// Avoid
const items: string[] = []
export type Record = { tags: Tag[] }
10. Nullish Coalescing Over Logical OR
Use ?? for defaults, never ||:
// Correct
const host = process.env.HOST ?? 'localhost'
const title = item.title ?? 'Untitled'
// Avoid
const host = process.env.HOST || 'localhost'
11. Template Literals Only
Use template literals for string composition, never + concatenation:
// Correct
const message = `${prefix}: ${error.message}`
const url = `https://${host}/api/${version}`
// Avoid
const message = prefix + ': ' + error.message
12. Bare return (Never return undefined)
When a function returns | undefined, use bare return:
// Correct
export const findUser = (id: string): User | undefined => {
if (!isValid(id)) {
return
}
// ...
}
// Avoid
if (!isValid(id)) {
return undefined
}
13. void Prefix for Fire-and-Forget
Prefix intentionally non-awaited async calls with void:
// Correct
void sendNotification(user.id)
void analytics.track('page_view', { url })
// Avoid — looks like a forgotten await
sendNotification(user.id)
14. Empty catch {} for Expected Failures
When failure is acceptable (URL parsing, JSON parse, DNS), use empty catch {} and return a safe default:
export const extractDomain = (url: string): string | undefined => {
try {
return new URL(url).hostname
} catch {}
}
export const parseJson = (raw: string): unknown | undefined => {
try {
return JSON.parse(raw)
} catch {}
}
15. Config via Constants Modules
Isolate all process.env access in dedicated constants files. Business logic never touches process.env directly:
// constants/database.ts
export const host = process.env.DATABASE_HOST ?? 'localhost'
export const port = process.env.DATABASE_PORT ? Number(process.env.DATABASE_PORT) : 5432
// Consumers use the constants, not process.env
import * as databaseConstants from './constants/database.ts'
16. JSX
Place event handlers (on* attributes) last:
// Correct
<Button type="submit" disabled={isLoading} className="btn" onClick={handleClick}>
Submit
</Button>
<input id="name" value={name} placeholder="Enter name" onChange={handleChange} />
// Avoid
<Button onClick={handleClick} type="submit" disabled={isLoading}>
Submit
</Button>
Related Skills
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026
openclaw/openclaw-release-maintainer
development
VerifiedTrustedCommunity
Maintainer workflow for OpenClaw releases, prereleases, changelog release notes, and publish validation. Use when Codex needs to prepare or verify stable or beta release steps, align version naming, assemble release notes, check release auth requirements, or validate publish-time commands and artifacts.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/openclaw-qa-testing
development
VerifiedTrustedCommunity
Run, watch, debug, and extend OpenClaw QA testing with qa-lab and qa-channel. Use when Codex needs to execute the repo-backed QA suite, inspect live QA artifacts, debug failing scenarios, add new QA scenarios, or explain the OpenClaw QA workflow. Prefer the live OpenAI lane with regular openai/gpt-5.4 in fast mode; do not use gpt-5.4-pro or gpt-5.4-mini unless the user explicitly overrides that policy.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/openclaw-parallels-smoke
development
VerifiedTrustedCommunity
End-to-end Parallels smoke, upgrade, and rerun workflow for OpenClaw across macOS, Windows, and Linux guests. Use when Codex needs to run, rerun, debug, or interpret VM-based install, onboarding, gateway smoke tests, latest-release-to-main upgrade checks, fresh snapshot retests, or optional Discord roundtrip verification under Parallels.
357,764SKILL.mdUpdated Apr 10, 2026