michaelalber/picar-x-behavior
skills/professional/picar-x-behavior/SKILL.md
Build composable robot behaviors for SunFounder Picar-X. Use when creating autonomous driving behaviors, sensor-reactive patterns, and behavior trees for the Picar-X robot platform. Do NOT use when the platform is not a SunFounder Picar-X without first adapting the API references; Do NOT use when the goal is general robotics outside the Picar-X hardware profile.
development
Updated Jun 4, 2026
$ install --global
skillsauthnpx skillsauth add michaelalber/ai-toolkit picar-x-behaviorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 4, 2026, 8:40 AM143.2s5 files scanned
SKILL.md
- name:
- picar-x-behavior
- audience:
- professional
- description:
- >
Picar-X Behavior Composer
"The world is its own best model. The trick is to sense it appropriately and often enough." -- Rodney Brooks, Intelligence Without Representation
Core Philosophy
This skill builds composable, safe robot behaviors for the SunFounder Picar-X. Behaviors are small, testable units of reactive control that combine into complex autonomous systems through well-defined composition patterns — priority, sequence, and parallel. Each behavior senses and acts independently; safety is enforced at the driver layer, not just the behavior layer; and nothing reaches real motors before it passes static tests with mocked hardware.
Non-Negotiable Constraints:
- SAFETY FIRST — every behavior tree includes an emergency stop at the highest priority. No exceptions.
- TEST INCREMENTALLY — validate each behavior in static tests (no motors) before any dynamic test on real hardware.
- COMPOSE FROM SIMPLE — build complex behaviors by composing verified simple ones; never a monolithic control loop.
- BOUND ALL OUTPUTS — motor speeds, servo angles, and timing have hard limits enforced at the driver layer.
- FAIL SAFE — any unhandled exception, sensor timeout, or comms failure results in a full stop, not continued operation.
Full principle table, the pre-flight safety checklist, per-phase detail, discipline rules,
anti-patterns, and error recovery live in references/conventions.md.
Workflow
DEFINE Name + one-sentence goal; sensor inputs; actuator outputs; safety constraints; sense-act loop.
IMPLEMENT Behavior subclass: setup()/update()/teardown(); bounds checks in update(); teardown()
always stops motors + centers servos; log reads/writes.
TEST_STATIC Mock all hardware; test update() command mapping, boundary conditions, teardown stop,
and safety-limit enforcement. All pytest pass before proceeding.
TEST_DYNAMIC Complete the pre-flight safety checklist (conventions.md). Speed 10-15; bounded run
(5-10s); observe + log; raise speed gradually only after clean runs.
COMPOSE Priority order (highest = safety); wire a behavior tree / priority selector
(patterns in behavior-composition.md); static-test first; verify suppression; low-speed dynamic test.
DEPLOY Operational speed limits; production watchdog timeouts; logging; monitor the first run
with operator present; iterate on tuning.
Exit criteria: a verified emergency-stop behavior wired at highest priority; each behavior passes
static tests with mocked hardware before any hardware run; dynamic tests started at ≤ 15 speed and
ramped only after clean runs; composed system suppresses lower priorities correctly; watchdog
timeouts configured. Driver API in references/picar-x-api.md.
State Block
<picar-behavior-state>
step: DEFINE | IMPLEMENT | TEST_STATIC | TEST_DYNAMIC | COMPOSE | DEPLOY
behavior_name: [e.g., "obstacle_avoidance", "line_following", "object_tracking"]
safety_constraints: [e.g., "max_speed=30, emergency_stop=enabled, min_distance=25cm"]
control_loop_hz: [number, e.g., 20]
last_action: [what was just done]
next_action: [what should happen next]
blockers: [any issues]
</picar-behavior-state>
Output Template
- Behavior definition report, test results report —
references/output-templates.md. - Composition patterns (priority / sequence / parallel, behavior trees) —
references/behavior-composition.md. - Hardware/driver API (motors, servos, ultrasonic, grayscale, camera) —
references/picar-x-api.md. - Principle table, pre-flight checklist, per-phase detail, discipline rules, anti-patterns, error recovery —
references/conventions.md.
Integration with Other Skills
| Skill | Relationship |
|-------|-------------|
| sensor-integration | Build and calibrate sensor pipelines (ultrasonic filtering, grayscale normalization, camera capture); feed processed data into behaviors. |
| edge-cv-pipeline | Build CV pipelines (object/lane/sign detection) on the Pi; vision behaviors consume their outputs. |
| tdd / tdd-agent | Apply TDD when implementing behavior classes — failing tests for sensor-to-actuator logic before implementation, especially for static tests with mocked hardware. |
| jetson-deploy | If offloading heavy CV inference to a Jetson, use it for deployment; the Picar-X reads inference results over the network. |
Related Skills
michaelalber/security-review-federal
development
VerifiedTrustedCommunity
Federal / government security overlay applied ON TOP OF a base language security review (dotnet/python/php/rust/react). Language-agnostic: adds NIST SP 800-53 control mapping, FIPS 140-2/3 cryptographic compliance (with a per-language crypto table), CUI handling, EO 14028 supply-chain requirements, and DOE Order 205.1B, and emits POA&M-ready findings with FIPS 199 impact levels. Use for federal/DOE/DOD/national-laboratory systems. Triggers on "federal security review", "NIST compliance", "NIST 800-53", "FISMA", "CUI", "FIPS audit", "DOE security", "POA&M", "ATO review". Do NOT use alone — run the matching <lang>-security-review FIRST; this overlay maps and extends it.
SKILL.mdUpdated Jun 4, 2026
michaelalber/react-security-review
tools
VerifiedTrustedCommunity
OWASP-based security review of React / TypeScript front-end applications. Detects the framework (Vite/CRA/Next), entry points, and data flows, scans against the OWASP Top 10 (2025) mapped to React client-side patterns (XSS via raw HTML, URL/protocol injection, secrets in the bundle, insecure token storage, dependency CVEs, missing CSP, open redirects), and produces a manager-friendly executive summary plus a graded technical findings table. Use to audit React code for vulnerabilities. Triggers on "react security review", "frontend security audit", "audit react for vulnerabilities", "owasp react", "react xss", "react security posture", "npm audit review". For federal / gov / DOE / NIST / FIPS / CUI context, run security-review-federal after this base review. Do NOT use to grade architecture/structure — use react-architecture-checklist.
SKILL.mdUpdated Jun 4, 2026
michaelalber/react-modernization-analyzer
tools
VerifiedTrustedCommunity
Analyzes legacy React codebases and produces actionable modernization plans. Primary migration paths include class components to function components + hooks, Create React App to Vite, React 16/17 to 18 to 19, JavaScript to TypeScript, Enzyme to React Testing Library, legacy Redux to Redux Toolkit / Zustand / Context, and deprecated lifecycle/API removal. Does NOT perform the migration — assesses, quantifies risk, and plans. Triggers on phrases like "modernize react", "class to hooks", "upgrade react", "migrate CRA to vite", "react legacy migration", "react 17 to 18", "react js to typescript", "react technical debt", "enzyme to RTL".
SKILL.mdUpdated Jun 4, 2026
michaelalber/react-feature-slice
development
VerifiedTrustedCommunity
Scaffolds feature-based React / TypeScript architecture using feature folders, presentational + container components, custom hooks, a typed data layer, and structural CQRS (query hooks vs mutation hooks). React analog of dotnet-vertical-slice and python-feature-slice — no DI framework; uses props/context for dependency injection and a query cache for server state. Use when creating feature-based React projects, adding React features, organizing components by feature rather than by technical type, or scaffolding a feature's data layer. Triggers on phrases like "scaffold react feature", "create react slice", "react feature folder", "react vertical slice", "add react feature", "react feature architecture", "organize react by feature".
SKILL.mdUpdated Jun 4, 2026