ClawHub

Vibe Coding

Build software with AI by describing what you want. Covers prompting techniques, workflow patterns, rules files, and when to intervene.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 1.4k · 16 current installs · 16 all-time installs
byIván@ivangdavila
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (AI-assisted coding workflow and prompting advice) match the content: multiple markdown files with prompting patterns, workflow steps, rules-file templates and tool recommendations. It does not request unrelated credentials, binaries, or installs.
Instruction Scope
SKILL.md and the included docs suggest reading project files, creating rules files, and guiding AI interactions — all appropriate for a coding-assistant skill. The instructions do recommend reading local code (e.g., 'Read the auth module'), but they do not themselves demand access to unrelated system secrets or instruct exfiltration to external endpoints.
Install Mechanism
No install spec or code files are present; this is instruction-only. That minimizes risk because nothing will be written to disk or executed by an installer.
Credentials
The skill requires no environment variables, credentials, or config paths. The guidance about rules files and using environment variables for secrets is appropriate for the stated purpose and not disproportionate.
Persistence & Privilege
always:false and no install means the skill does not request permanent presence or elevated privileges. It does not modify other skills or system settings.
Assessment
This skill is documentation and best-practices for using AI to write code — it does not request credentials or install software. It appears coherent and suitable for learning and prototyping. Before using its recommendations in production: (1) never accept AI-generated auth, payment, or data-handling code without careful manual review and tests, (2) follow the guide's own advice to keep secrets in environment variables and avoid hardcoded keys, (3) run tests and security reviews on any AI-generated changes, and (4) if you plan to give an agent automated repo access, limit that access and audit commits because autonomous edits can introduce vulnerabilities. If you want a deeper assessment, provide the exact prompts and the repository the agent will operate on so I can check for risky read/write patterns or credential exposure in that specific context.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk977y9ex6jqjwrskgas71fvb71818yqz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎸 Clawdis
OSLinux · macOS · Windows

SKILL.md

What is Vibe Coding

Programming where you describe what you want and let AI generate code. You evaluate by results, not by reading every line. Coined by Andrej Karpathy (Feb 2025).

Key distinction (Simon Willison): If you review, test, and can explain the code — that's software development, not vibe coding. Vibe coding means accepting AI output without fully understanding every function.

Quick Reference

TopicFile
Prompting techniquesprompting.md
Research-Plan-Implement workflowworkflow.md
Rules files (.cursorrules, CLAUDE.md)rules-files.md
Common pitfalls and fixespitfalls.md
Tool selection by use casetools.md

Core Rules

1. Define Intent Before Prompting

Vague prompts → vague results. Before touching your AI tool:

  • What specific problem are you solving?
  • What does "done" look like?
  • What are the constraints (stack, integrations, flow)?

Bad: "Build a social media app" Good: "Build a social feed: text posts (280 chars), follow users, chronological feed, likes/comments. Use React, Tailwind, Supabase."

2. Use Rules Files

Persistent context that teaches AI your conventions. Put it in once, applies to every interaction:

  • Cursor: .cursorrules or .cursor/rules/
  • Claude Code: CLAUDE.md
  • Windsurf: .windsurfrules

See rules-files.md for templates.

3. Research-Plan-Implement

Before implementing, have AI explore and plan:

  1. Research: "Read the auth module, explain how sessions work"
  2. Plan: "Write the files you'll modify and changes in each"
  3. Implement: Only after reviewing the plan

Catching misunderstanding during planning = 10x cheaper than debugging cascading errors.

4. When to Intervene vs Let It Flow

  • Let it flow: Scaffolding, UI components, exploring ideas
  • Intervene: Auth, payments, data handling, anything security-adjacent
  • Always review: Database schemas, API permissions, user data handling

5. Test After Every Change

AI generates code that looks flawless but has subtle bugs. After every change:

  • Run test suite
  • Manually test the affected feature
  • Check console for errors
  • Verify happy path AND edge cases

6. Paste Errors, Let AI Fix

The Karpathy move: copy error message, paste with no comment, usually it fixes it. If AI can't fix after 2-3 attempts, describe the behavior you want instead.

7. Constraint Anchoring

Set explicit boundaries:

  • Length: "Under 50 lines of code"
  • Format: "Only the modified function, not entire file"
  • Scope: "Only payment flow, don't touch auth"
  • Style: "Follow existing pattern in UserService.ts"

8. Know When Vibe Coding is Appropriate

Good for: Prototypes, MVPs, internal tools, weekend projects, UI components, boilerplate, learning Bad for: Security-critical code, performance-critical code, compliance-heavy domains, long-term production systems

9. Experienced Developers + Vibe Coding = Superpowers

The best vibe coders understand architecture, spot bad AI output, and know when to intervene. If you can't evaluate whether AI produced good code, you need to learn more before vibe coding production systems.

Files

6 total
Select a file
Select a file to preview.

Comments

Loading comments…