ClawHub

Vibe Coding

v1.0.0

Build software with AI by describing what you want. Covers prompting techniques, workflow patterns, rules files, and when to intervene.

4· 3.9k·34 current·35 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (AI-assisted coding workflow and prompting advice) match the content: multiple markdown files with prompting patterns, workflow steps, rules-file templates and tool recommendations. It does not request unrelated credentials, binaries, or installs.
Instruction Scope
SKILL.md and the included docs suggest reading project files, creating rules files, and guiding AI interactions — all appropriate for a coding-assistant skill. The instructions do recommend reading local code (e.g., 'Read the auth module'), but they do not themselves demand access to unrelated system secrets or instruct exfiltration to external endpoints.
Install Mechanism
No install spec or code files are present; this is instruction-only. That minimizes risk because nothing will be written to disk or executed by an installer.
Credentials
The skill requires no environment variables, credentials, or config paths. The guidance about rules files and using environment variables for secrets is appropriate for the stated purpose and not disproportionate.
Persistence & Privilege
always:false and no install means the skill does not request permanent presence or elevated privileges. It does not modify other skills or system settings.
Assessment
This skill is documentation and best-practices for using AI to write code — it does not request credentials or install software. It appears coherent and suitable for learning and prototyping. Before using its recommendations in production: (1) never accept AI-generated auth, payment, or data-handling code without careful manual review and tests, (2) follow the guide's own advice to keep secrets in environment variables and avoid hardcoded keys, (3) run tests and security reviews on any AI-generated changes, and (4) if you plan to give an agent automated repo access, limit that access and audit commits because autonomous edits can introduce vulnerabilities. If you want a deeper assessment, provide the exact prompts and the repository the agent will operate on so I can check for risky read/write patterns or credential exposure in that specific context.

Like a lobster shell, security has layers — review code before you run it.

latestvk977y9ex6jqjwrskgas71fvb71818yqz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎸 Clawdis
OSLinux · macOS · Windows

Comments