Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Vibe Coding Best Practices v3.0

v1.0.0

Provides a comprehensive AI-assisted development workflow with PLAN/ACT separation, multi-agent collaboration, fault recovery, and security code review best...

Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (Vibe Coding Best Practices) match the content: workflow guidance, multi-agent orchestration, recovery SOPs, and security checklists. The skill declares no binaries, env vars, or installs—consistent with an instruction-only guideline.
Instruction Scope
SKILL.md explicitly instructs agents (in PLAN prompts) to read repository context (read_file/search_files), consult LOG.md, status/*.status, worktree dirs, and use git commands and example scripts. Those file and command targets are appropriate for a developer workflow, but they do grant the agent broad access to repository contents (including any secrets accidentally committed).
Install Mechanism
No install spec or external downloads; instruction-only skill — lowest install risk.
Credentials
The skill requests no environment variables or credentials. It references services/tools (Claude, Kimi, OpenClaw, Sentry) only as recommendations; no unrelated secrets are demanded.
Persistence & Privilege
Skill flags: always:false and agent invocation allowed (normal). The guide suggests creating repo hooks (post-commit auto-push) and example persistent PowerShell timers — these are user-side setup suggestions and could create persistent behavior or automatic network pushes if implemented, so users should review before applying.
Assessment
This skill is a coherent, instruction-only best-practices guide for AI-assisted development and appears to be what it claims. Before using its example scripts or following its automation recipes:

  1. Review any proposed git commands (git reset --hard, auto-push hooks) on a backup or test repo to avoid accidental data loss or unintended pushes.
  2. Do not enable auto-push/post-commit hooks unless the remote is trusted.
  3. Audit any files the agent will be instructed to read (LOG.md, memory/tasks/, status/) to ensure they contain no secrets or sensitive data.
  4. Follow the guide's own security red lines (manual review for auth/payment/DB schema/migrations).
  5. If you let an agent run these commands autonomously, restrict its permissions and monitor operations.

These precautions will keep the guidance useful without exposing your code or secrets.


425 downloads
2 stars
1 version
Updated 19h ago
MIT-0

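Vibe Coding Best Practices Guide

vibe-3k = Vibe Coding Best Practices v3.0 (a 3K-line, full-workflow guide)

You are the head chef and the AI is the kitchen team. You design the menu and taste every dish, but you don't cut every carrot yourself.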

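10 Core Principles

  1. Think before you prompt: 5 minutes of thinking saves 5 hours of iteration
  2. Plan ≠ Act: separate planning from execution, using different models/sessions
  3. The Design Doc is the hub: it compresses context, can be reviewed, and can be handed off
  4. Commit in small steps: one commit per feature point; Git is the safety net
  5. New feature, new session: context overflow is the number-one killer
  6. Roll back when stuck in a fix loop: 3 failed fix attempts = the approach is the problem
  7. Security cannot be vibed: Auth/payments/data must be manually reviewed
  8. LOG.md is the lifeline: record progress so you can recover at any time
  9. Clear division of labor across agents: PM plans, Dev executes, QA reviews
  10. Acceptance has a checklist: automated checks + manual confirmation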

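Reference Documents (loaded on demand)

| File | Contents | When to read |
|---|---|---|
| references/01-quickstart.md | Core concepts + project kickoff + rules files + 4 project templates | When starting a new project |
| references/02-single-agent.md | PLAN/ACT separation + Design Doc + prompt techniques + context management | When developing solo with AI |
| references/03-multi-agent.md | Multi-agent collaboration + parallel Git worktrees + race condition protection + timestamp conventions | When multiple agents collaborate |
| references/04-emergency.md | Fault severity levels + recovery SOP + disaster recovery + management of long (>24h) tasks | When something goes wrong or during long tasks |
| references/05-security-qa.md | Security red lines + acceptance checklist + automated acceptance scripts | During security review/acceptance |
| references/06-tools.md | Tool recommendations (Claude Code / Kimi / Antigravity / OpenClaw) | When choosing tools |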

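Quick Start

5-Minute Pre-Start Checklist

Before touching the AI, write down:

  1. What problem are you solving?
  2. Who are the target users?
  3. Core features (P0/P1/P2)
  4. Tech stack constraints
  5. What does "done" mean?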

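PLAN/ACT Separation (most important)

  • PLAN phase: a large-context thinking model (the latest flagship from Gemini / OpenAI / Claude) only analyzes and plans → outputs a Design Doc
  • ACT phase: a new session + a fast model (each vendor's lightweight model) → reads the Design Doc → implements step by step
  • Never do Plan and Act in the same session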

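Fault Quick Reference

| Signal | Action |
|---|---|
| A single error with a clear message | Paste the full stack trace → let the AI fix it |
| The same file changed back and forth 3+ times | 🛑 Stop! git stash → switch model/strategy |
| Errors in multiple places, getting messier with every fix | git reset --hard <stable> → re-Plan |
| AI repeats itself / forgets / gives irrelevant answers | Close the session → LOG.md → continue in a new session |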

Security Red Lines

Auth, payments, database schema, user data, API keys: never vibe these; they must be manually reviewed line by line

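Real-World Cases

Real cases from actual use are recorded in the memory/tasks/ directory. Every completed Vibe Coding project generates a task record covering the execution process, the pitfalls encountered, and the results.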

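Timeliness of Tool Information

⚠️ Tool-related information (Kimi Agent Swarm, Antigravity Kit, etc.) is current as of 2026-02; refer to the official documentation for specific capabilities and APIs.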
