n4m3z/WebDevelopment
skills/WebDevelopment/SKILL.md
Server-rendered web dashboards and apps in Rust using axum + htmx + Askama + rust-embed. USE WHEN building a web dashboard, adding a web UI to a CLI tool, server-rendered HTML, htmx partials, Askama templates, axum routes, embedded static assets, localhost webserver.
$ install --global
skillsauthnpx skillsauth add n4m3z/forge-dev WebDevelopmentInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 28, 2026, 6:16 AM64.9s5 files scanned
SKILL.md
- name:
- WebDevelopment
- version:
- 0.1.0
- description:
- Server-rendered web dashboards and apps in Rust using axum + htmx + Askama + rust-embed. USE WHEN building a web dashboard, adding a web UI to a CLI tool, server-rendered HTML, htmx partials, Askama templates, axum routes, embedded static assets, localhost webserver.
- allowed-tools:
- Read, Bash, Write, Edit
- upstream:
- https://github.com/ercan-er/htmx-claude-skill/blob/main/skill/skills.md
WebDevelopment
Server-rendered web applications in Rust. Single binary, no client-side framework, no build step.
Stack
| Layer | Tool | Role | |---|---|---| | Server | axum | HTTP routing, middleware, shared state | | Templates | Askama | Compile-time HTML templates (Jinja2 syntax) | | Interactivity | htmx | HTML-attribute-driven partial page updates | | Static assets | rust-embed | Compile CSS/JS into the binary |
Related Skills
- DesignFrontend (forge-core): aesthetic direction, typography, color, motion
- HtmlPlayground (forge-core): single-file HTML demos without a server
- DataExplorer: static HTML data apps with charts and tables
- DataVisualization: chart library selection
- RustDevelopment: crate structure, error handling, CLI patterns
Architecture
- Feature-gate the web server behind a Cargo feature. Keep tokio out of the default build.
- Tokio runtime lives only in the subcommand entry point. Data-layer functions stay sync; handlers call
spawn_blocking. - Bind
127.0.0.1only, random ephemeral port. Validate Host header to block DNS rebinding. - Vendor all JS via rust-embed. No CDN, no runtime network fetches.
- Askama templates extend a base layout. Tabs via full-page loads; detail panes via htmx partials.
- Server returns HTML fragments, not JSON. Detect htmx requests via
HX-Requestheader. - Use correct
hx-swapstrategy per UI intention. Avoid replacing large containers unnecessarily.
Companions
| Topic | File |
|---|---|
| htmx attributes, swap modes, patterns, anti-patterns | Htmx.md |
| Askama template syntax, compile-time gotchas | Askama.md |
| axum routes, rust-embed handler, security | Axum.md |
| Dark dashboard CSS patterns | VercelStyle.md |
Constraints
- Server returns HTML, not JSON. No client-side DOM building.
- No client-side JS frameworks. htmx handles interactivity.
- No Node.js build step. Templates compile with Rust. CSS is hand-written.
- Askama templates cannot call
.get()on BTreeMap directly. Add helper methods on view-model structs. - Every route reading a path parameter must canonicalize before filesystem access.
- Use OOB swaps for multi-target updates instead of client-side JS.
- Aesthetic decisions belong in DesignFrontend, not here.
Related Skills
n4m3z/HealthChecks
tools
VerifiedTrustedCommunity
Architecture for security and health-check programs: standalone-runnable checks, severity ladder with UNKNOWN, key:value output contract, orchestrator dispatch, exit-code semantics. Language-agnostic; reference implementations in Bash, applies to Python and other languages. USE WHEN writing health checks or audit tools, designing check-script contracts, adding checks to tools like check-mac, reviewing health-check architecture, or porting a check tool between languages.
2SKILL.mdUpdated May 19, 2026
n4m3z/AuditDotfiles
testing
VerifiedTrustedCommunity
Scan a dotfiles tree for secrets via gitleaks, aggregate findings by top-level directory and rule, then surgically filter flagged lines from shell-history files before importing into atuin. USE WHEN auditing dotfiles before pushing to a public repo, scanning rsynced dotfiles-private contents, importing legacy zsh or bash history into atuin, filtering credential leaks out of a shell history file, deciding which dotfile subdirectories can be made public.
2SKILL.mdUpdated May 14, 2026
n4m3z/TestDrivenDevelopment
development
VerifiedTrustedCommunity
Test-driven development practices — Red-Green-Refactor cycle, test categories, coverage strategy, property-based testing. USE WHEN writing tests, designing testable APIs, or reviewing test coverage.
2SKILL.mdUpdated May 10, 2026
n4m3z/SystematicDebug
development
VerifiedTrustedCommunity
Four-phase debugging methodology — root cause before fixes. USE WHEN encountering any bug, test failure, unexpected behavior, or build failure.
2SKILL.mdUpdated May 10, 2026