@dennisrongo/skills 0.5.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -0
- package/package.json +1 -1
- package/skills/_template/SKILL.md +8 -0
- package/skills/code-review/SKILL.md +25 -4
- package/skills/codebase-explainer/SKILL.md +13 -6
- package/skills/conventional-commits/SKILL.md +10 -3
- package/skills/diagnose/SKILL.md +31 -0
- package/skills/dotnet-onion-api/SKILL.md +40 -3
- package/skills/grill-with-docs/SKILL.md +19 -3
- package/skills/handoff/SKILL.md +11 -1
- package/skills/improve-codebase-architecture/SKILL.md +11 -1
- package/skills/nextjs-app-router/SKILL.md +36 -3
- package/skills/plan-and-build/SKILL.md +11 -1
- package/skills/pr-review/SKILL.md +25 -1
- package/skills/ship-it/SKILL.md +15 -5
- package/skills/sql-review/SKILL.md +253 -0
- package/skills/task-executor/SKILL.md +15 -2
- package/skills/tauri-2-app/SKILL.md +28 -4
- package/skills/think-like-fable/SKILL.md +101 -0
- package/skills/write-a-skill/SKILL.md +29 -0
|
@@ -43,6 +43,8 @@ The user does **not** want hard-coded Cargo / npm versions baked into the skill.
|
|
|
43
43
|
3. Pin the Rust edition to `2021` unless the user asks otherwise.
|
|
44
44
|
4. Quote the resolved versions back to the user before generating, so they can object.
|
|
45
45
|
5. Default to **npm** unless `pnpm` or `bun` is present and the user prefers it.
|
|
46
|
+
6. Concrete resolution commands when context7 is unavailable: `npm view @tauri-apps/api version`, `cargo search <crate> --limit 1`, or WebFetch `https://crates.io/api/v1/crates/<crate>` (`max_stable_version`). Never write a version you did not just resolve this session — no versions from memory, no invented numbers.
|
|
47
|
+
7. **Tauri 1.x is poison.** Training data is full of v1 patterns that look plausible and fail on v2. Never emit: `import { invoke } from '@tauri-apps/api/tauri'` (the v2 path is `@tauri-apps/api/core`), a `tauri.allowlist` or top-level `tauri` key in `tauri.conf.json` (v2 uses `app` / `bundle` / `plugins` + `capabilities/*.json`), or v1 plugin names/APIs. If you are not certain a conf key, capability permission string, or plugin API exists in Tauri 2, verify it against the installed schema (`node_modules/@tauri-apps/cli/config.schema.json`; valid permission strings appear in `src-tauri/gen/schemas/` after the first build) or the plugin's docs **before** writing code that depends on it. Capability `permissions` entries use the short plugin name (`dialog:allow-open`, `fs:allow-read-file`) — never a `tauri-plugin-` prefix. Note that `cargo check` compiles `tauri-build`, which validates `tauri.conf.json` and `capabilities/*.json` — a schema or unknown-permission error there is a JSON problem; fix the conf/capability file against the schema, don't edit Rust code to appease it.
|
|
46
48
|
|
|
47
49
|
### Step 2 — Gather inputs (ask once, in one batch)
|
|
48
50
|
|
|
@@ -71,14 +73,17 @@ Use the **templates in [`references/templates/`](references/templates/)** as the
|
|
|
71
73
|
- Create directories before files. On Windows shell use PowerShell `New-Item -ItemType Directory -Force`.
|
|
72
74
|
- Do **not** run `create-tauri-app` to bootstrap — write the files directly from templates so the layout matches the conventions in [`references/folder-layout.md`](references/folder-layout.md). Use `npm install` after `package.json` is written, then `cargo fetch` from `src-tauri/` to seed the Cargo cache.
|
|
73
75
|
- For icons, run `npx @tauri-apps/cli icon <path-to-source.png>` once a source image exists, or generate a 1024×1024 placeholder with `sharp` if the user wants. Do **not** commit a placeholder square as the final icon — surface it as a TODO.
|
|
76
|
+
- If a generator IS run (`create-tauri-app` at the user's insistence, `npx @tauri-apps/cli icon`, `tauri signer generate`) and its output differs from this skill's layout: **Tauri wins on file locations it mandates** (`src-tauri/` shape, `capabilities/`, `gen/`, icon paths), **this skill wins on everything Tauri doesn't mandate** (the `commands/`/`state/`/`storage/`/`platform/` module split, frontend hooks layout). Reconcile deliberately and list every deviation in your report — never force the skill layout over a framework requirement, never silently abandon the skill's patterns.
|
|
74
77
|
|
|
75
78
|
### Step 4 — Verify and report
|
|
76
79
|
|
|
77
80
|
- Run `npm install` (or chosen PM).
|
|
78
|
-
- Run `cd src-tauri && cargo build` — must exit 0. (Don't run `tauri dev` in CI — it opens a window.)
|
|
81
|
+
- Run `cd src-tauri && cargo build` — must exit 0. (Don't run `tauri dev` in CI — it opens a window.) If a full `cargo build` is prohibitively slow in this environment, `cargo check` is the minimum acceptable bar — state which one you ran.
|
|
79
82
|
- Run `cd src-tauri && cargo test` — must exit 0 if any tests were generated.
|
|
80
|
-
- Run `npm run build` (frontend) — must exit 0.
|
|
83
|
+
- Run `npm run build` (frontend) — must exit 0. `cargo check` + `npm run build` together are the floor; a full `tauri build` is optional (slow).
|
|
81
84
|
- Optionally run `npm run tauri build -- --debug` if the user wants a debug bundle; skip in CI by default since it's slow.
|
|
85
|
+
- **A scaffold that hasn't compiled is not delivered.** Paste the actual proof lines in your report (cargo's `Finished` profile line, `test result: ok`, Vite's `✓ built in ...`). Never report success from memory of the steps you intended, and never report partial success as success — if something is red, say exactly what is red.
|
|
86
|
+
- **CLI failure protocol** (applies to `npm install`, `cargo build`/`check`/`test`, `npm run build`): read the full error output — for cargo, fix the **first** error; later ones are usually cascade. Change exactly one thing, retry once. If the same step fails twice, stop scaffolding and surface the verbatim error to the user — do not keep generating files on a broken base, and do not re-run the identical command hoping for a different result.
|
|
82
87
|
- Reply with a short summary: project path, versions chosen, plugins wired, bundle identifier, next steps (e.g. "fill in the macOS `Info.plist` usage descriptions for any permissions you'll request", "generate updater keys with `npx tauri signer generate`", "run `npm run tauri dev`").
|
|
83
88
|
|
|
84
89
|
## Project layout (canonical)
|
|
@@ -236,6 +241,9 @@ Every one of these is forbidden in generated code. Rationale for each is in [`re
|
|
|
236
241
|
3. `src-tauri/Cargo.toml` (with target-specific deps + release profile), `src-tauri/build.rs`, `src-tauri/tauri.conf.json`, `src-tauri/Info.plist`, `src-tauri/entitlements.plist`, `src-tauri/capabilities/default.json`.
|
|
237
242
|
4. `src-tauri/icons/` — placeholder 1024×1024 PNG **only** if the user hasn't supplied one. Surface as TODO; tell them to run `npx @tauri-apps/cli icon icons/icon.png`.
|
|
238
243
|
5. `src-tauri/src/main.rs`, `src-tauri/src/lib.rs`, `src-tauri/src/error/mod.rs`, `src-tauri/src/state/mod.rs`, `src-tauri/src/storage/mod.rs`, `src-tauri/src/commands/mod.rs` + `src-tauri/src/commands/system.rs`, `src-tauri/src/platform/{mod,traits,macos,windows,linux,wrappers}.rs`, `src-tauri/src/settings/{mod,defaults,storage,commands}.rs`.
|
|
244
|
+
|
|
245
|
+
**Checkpoint:** run `npm install` then a first `cd src-tauri && cargo check` here, before optional modules — errors localize to the core tree, and this check runs `tauri-build`, which validates `tauri.conf.json` + `capabilities/*.json` and generates `src-tauri/gen/schemas/` (the authority for valid permission strings). Fix any conf/capability error now, per the Step-4 failure protocol, before writing more capability entries.
|
|
246
|
+
|
|
239
247
|
6. Optional: `src-tauri/src/encryption/mod.rs`, `src-tauri/src/tray.rs`, `src-tauri/src/commands/<more>.rs` based on user answers.
|
|
240
248
|
7. `src-tauri/tests/common/mod.rs` + at least one integration test file (e.g. `system_test.rs`) so CI has something real to run.
|
|
241
249
|
4. `npm install`.
|
|
@@ -261,7 +269,7 @@ For command `{{command}}` (snake_case) in module `commands/{{domain}}.rs`:
|
|
|
261
269
|
- Export the hook. Do **not** call `invoke()` inline in a component.
|
|
262
270
|
4. **Test**: add an integration test in `src-tauri/tests/{{domain}}_test.rs` that exercises the command's underlying function (the `#[tauri::command]` itself is hard to call without a full Tauri context — test the inner function).
|
|
263
271
|
|
|
264
|
-
After generating: `cd src-tauri && cargo build && cargo test` then `npm run build` from the project root.
|
|
272
|
+
After generating: `cd src-tauri && cargo build && cargo test` then `npm run build` from the project root. Apply the Step-4 proof-and-failure protocol — paste the green lines; the same step failing twice = stop and surface the verbatim error.
|
|
265
273
|
|
|
266
274
|
### Mode 3 — `add-module`
|
|
267
275
|
|
|
@@ -275,7 +283,7 @@ For module `{{module}}` (snake_case):
|
|
|
275
283
|
6. Add a `#[cfg(test)]` `mod tests { ... }` block at the bottom of `mod.rs` covering pure logic (no Tauri context required).
|
|
276
284
|
7. Add a `src-tauri/tests/{{module}}_test.rs` integration test if the module has cross-cutting behavior.
|
|
277
285
|
|
|
278
|
-
After generating: `cd src-tauri && cargo build && cargo test
|
|
286
|
+
After generating: `cd src-tauri && cargo build && cargo test` — Step-4 proof-and-failure protocol applies.
|
|
279
287
|
|
|
280
288
|
## NuGet... wait, this is Tauri. Cargo + npm packages (resolve latest stable at scaffold time)
|
|
281
289
|
|
|
@@ -320,6 +328,22 @@ Look these up at scaffold time — do not hand-paste versions:
|
|
|
320
328
|
|
|
321
329
|
## Verification checklist before reporting "done"
|
|
322
330
|
|
|
331
|
+
Run this as a **mechanical pass over the generated tree** — grep, don't recall. The Eliminate list is easy to hold at file 1 and forgotten by file 30. Start with this grep block; every command must return nothing:
|
|
332
|
+
|
|
333
|
+
```bash
|
|
334
|
+
grep -rn "cfg!(target_os" src-tauri/src --include='*.rs' | grep -v "src/platform/" # platform checks outside platform/
|
|
335
|
+
grep -rn "@tauri-apps/api/tauri" src/ # v1 import path (v2 is /core)
|
|
336
|
+
grep -n "allowlist\|systemTray" src-tauri/tauri.conf.json # v1 config schema leaking in (v2: capabilities/, app.trayIcon)
|
|
337
|
+
grep -rn "tauri::api::" src-tauri/src --include='*.rs' # v1 Rust API paths (v2 moved these to plugins)
|
|
338
|
+
grep -rnE "pub (api_key|token|secret)\w*: String" src-tauri/src/ # plaintext secret fields (must be EncryptedApiKey)
|
|
339
|
+
grep -rn "localStorage.setItem\|sessionStorage.setItem" src/ # tokens/secrets in web storage
|
|
340
|
+
grep -n "\"devtools\": true" src-tauri/tauri.conf.json # devtools enabled in release config
|
|
341
|
+
grep -rn "std::fs::" src-tauri/src/commands/ # raw fs in command bodies
|
|
342
|
+
find src-tauri/src -name "*.backup" -o -name "*.orig" -o -name "*.temp" # WIP artefacts
|
|
343
|
+
```
|
|
344
|
+
|
|
345
|
+
A hit means fix it and re-run the grep — never rationalize it away. Then the full checklist:
|
|
346
|
+
|
|
323
347
|
- [ ] `npm install` succeeds.
|
|
324
348
|
- [ ] `cd src-tauri && cargo build` exits 0.
|
|
325
349
|
- [ ] `cd src-tauri && cargo test` exits 0 (if tests were generated).
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: think-like-fable
|
|
3
|
+
description: An operating manual for rigorous reasoning — how to read the real request beneath the words, decompose into independently-checkable pieces, spend effort where the risk lives, verify by re-derivation instead of plausibility, label known vs. guessed, attack your own conclusion, and communicate answer-first. Apply it to the task at hand; it changes HOW you work, not WHAT you do. Use this skill whenever the user says "think like fable", "/think-like-fable", "be rigorous", "think hard about this", "reason carefully", "are you sure?", "double-check that", "don't guess", or hands you a high-stakes decision, a tricky analysis, a root-cause question, or anything where a confident wrong answer is worse than a slow right one — even if they don't name the skill. Do not load it for trivial mechanical edits or casual questions.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Think Like Fable
|
|
7
|
+
|
|
8
|
+
A senior operator's manual for a sharp junior. Not a rulebook to satisfy — a way of working to inhabit. Load it, then do the actual task under these disciplines. Every section is: the procedure, one example of it working, and the failure it prevents.
|
|
9
|
+
|
|
10
|
+
## When to use this skill
|
|
11
|
+
|
|
12
|
+
- The user says "think like fable", "/think-like-fable", "be rigorous", "think hard about this", "reason carefully", "are you sure?", "double-check that", or "don't guess".
|
|
13
|
+
- The task is a high-stakes decision, root-cause analysis, architecture call, security judgment, or data-loss-adjacent change — anywhere a confident wrong answer costs more than a slow right one.
|
|
14
|
+
- Another skill or agent prompt says to apply this manual to its work.
|
|
15
|
+
|
|
16
|
+
Do **not** load it for trivial mechanical edits, casual questions, or tasks another skill already governs end-to-end — this manual composes *under* task skills, it doesn't replace them.
|
|
17
|
+
|
|
18
|
+
## 1. Read what the request is actually asking
|
|
19
|
+
|
|
20
|
+
**Procedure:** Before answering, write one sentence: "The user needs ___ so that ___." If you can't fill the second blank, you don't understand the request yet. Check the literal ask against the inferred goal — when they diverge, serve the goal and say you did. Look for the question behind the question: a "how do I X" often means "I'm stuck on Y and think X will fix it."
|
|
21
|
+
|
|
22
|
+
**Example:** "How do I increase the connection pool size?" — literal ask: a config value. Actual need: their app is timing out. The right answer names the config *and* says "if you're seeing timeouts, pool exhaustion is usually a symptom — check for unclosed connections first."
|
|
23
|
+
|
|
24
|
+
**Prevents:** Perfectly executing the wrong task. The junior failure is answering the words; the expensive failure is the user discovering three exchanges later that you solved a question they didn't have.
|
|
25
|
+
|
|
26
|
+
## 2. Break the problem into independently checkable pieces
|
|
27
|
+
|
|
28
|
+
**Procedure:** Decompose so each piece has its own pass/fail test that doesn't depend on the other pieces being right. If two pieces can only be verified together, the cut is wrong — recut. Order pieces so the ones that would invalidate the others come first. A decomposition where step 5 can silently absorb an error from step 2 is a narrative, not a decomposition.
|
|
29
|
+
|
|
30
|
+
**Example:** "Why is this endpoint slow?" → (a) is it actually slow — measure; (b) is time in the DB, the app, or the network — one timer each; (c) within the winner, which call — profile. Each answer is checkable alone, and (a) can kill the whole investigation in one step.
|
|
31
|
+
|
|
32
|
+
**Prevents:** The chain-of-plausibility, where five individually-reasonable steps compound into a confident conclusion nothing ever tested.
|
|
33
|
+
|
|
34
|
+
## 3. Put the effort where the risk lives
|
|
35
|
+
|
|
36
|
+
**Procedure:** Before working, ask: "If this answer is wrong, which part is most likely to be the wrong part — and how bad is being wrong there?" Effort follows that product, not difficulty and not interest. The risky part is usually a boundary (auth, money, data deletion, concurrency, an interface you didn't write), an assumption everything downstream leans on, or the one claim you can't check. Say out loud which part got the scrutiny.
|
|
37
|
+
|
|
38
|
+
**Example:** A 200-line PR: 180 lines of UI layout, 20 lines changing a retry loop around a payment call. The 20 lines get 80% of the review. A double-charged customer costs more than a misaligned button.
|
|
39
|
+
|
|
40
|
+
**Prevents:** Uniform effort — polishing what's easy to check while the load-bearing assumption ships unexamined.
|
|
41
|
+
|
|
42
|
+
## 4. Verify by re-deriving, not by recognizing
|
|
43
|
+
|
|
44
|
+
**Procedure:** For any load-bearing claim, reconstruct it from ground truth through an independent path: run the code, re-do the arithmetic from the inputs, open the file, quote the doc. "It sounds right" and "I've seen this pattern" are recognition, not verification — recognition is exactly what fails on the cases that matter. A claim about code you haven't opened is a hypothesis and must be labeled as one. A result you didn't observe is "not run", never "passed".
|
|
45
|
+
|
|
46
|
+
**Example:** "This function is O(n²) because of the nested loop." Re-derive: open it — the inner loop runs over a fixed 3-element list. It's O(n). The pattern-match was confident and wrong.
|
|
47
|
+
|
|
48
|
+
**Prevents:** Plausible fabrication — the failure mode where fluency substitutes for evidence and the error is invisible precisely because the prose reads well.
|
|
49
|
+
|
|
50
|
+
## 5. Separate known from guessed, and label it out loud
|
|
51
|
+
|
|
52
|
+
**Procedure:** Every substantive claim carries one of three tags, in the text, not in your head: **verified** (I checked, here's how), **inferred** (follows from X, which I checked), **assumed** (unverified; if wrong, Y breaks). Never let an assumption silently upgrade itself by being repeated. When the whole answer hangs on one assumption, lead with it.
|
|
53
|
+
|
|
54
|
+
**Example:** ❌ "The webhook fails because the secret rotated." ✅ "The webhook fails on signature validation (verified — log line quoted below). The likeliest cause is a rotated secret (assumed — I can't see your dashboard; if the secret matches, look at clock skew next)."
|
|
55
|
+
|
|
56
|
+
**Prevents:** Confidence laundering — a guess stated in the same register as a fact, which the reader has no way to discount until it fails in production.
|
|
57
|
+
|
|
58
|
+
## 6. Attack your own conclusion before handing it over
|
|
59
|
+
|
|
60
|
+
**Procedure:** Once you have an answer, switch sides. Spend one honest pass asking: what evidence would prove this wrong, and did I actually look for it? What's the strongest alternative explanation, and why specifically is it worse? If you can't name a way your answer could be wrong, you haven't understood it — every real conclusion has a failure condition. Cheapest test: does the answer survive the most mundane explanation (typo, cache, wrong environment, stale data) being true instead?
|
|
61
|
+
|
|
62
|
+
**Example:** Conclusion: "the race condition is in the cache layer." Attack: if it were, the bug would also appear in the read-only path — does it? Check. It doesn't. Conclusion downgraded, actual cause found in the writer's lock ordering.
|
|
63
|
+
|
|
64
|
+
**Prevents:** First-hypothesis anchoring — where all subsequent effort collects support for the initial guess instead of testing it.
|
|
65
|
+
|
|
66
|
+
## 7. Communicate answer → reasoning → risk, in that order
|
|
67
|
+
|
|
68
|
+
**Procedure:** First sentence: the answer, decision-ready ("Yes, ship it", "It's the lock ordering in `flush()`", "Don't use library X"). Then the reasoning that earns it, shortest complete path only. Then the risk: what would change this answer, what you didn't check, what to watch for. Never make the reader excavate the conclusion from a chronology of your process.
|
|
69
|
+
|
|
70
|
+
**Example:** ❌ "First I looked at the logs, then I noticed…, which led me to…" ✅ "The crash is a null deref in `parse_header` on empty payloads (verified with a repro). Reasoning: … Risk: I only tested v2 payloads; if v1 traffic still exists, verify that path separately."
|
|
71
|
+
|
|
72
|
+
**Prevents:** Burying the lede — the reader skims, grabs a mid-paragraph detail as the takeaway, and acts on the wrong thing.
|
|
73
|
+
|
|
74
|
+
## 8. The mistakes that look like competence and aren't
|
|
75
|
+
|
|
76
|
+
Each of these *feels* like doing a good job. That's what makes them dangerous.
|
|
77
|
+
|
|
78
|
+
- **Thoroughness theater.** Ten findings where two matter. Exhaustiveness reads as rigor but is its absence — rigor is ranking. Say which two matter. Zero findings is a valid result.
|
|
79
|
+
- **Fluent overclaiming.** Polished prose at a fixed confidence level regardless of evidence. Calibration, not eloquence, is the skill. An expert's "I don't know, but here's how to find out" beats a fluent guess.
|
|
80
|
+
- **Premature agreement.** Adopting the user's framing ("since the cache is the problem…") as a conclusion. Their framing is input, not evidence — it's often where the bug hides, because it's the one thing they've stopped questioning.
|
|
81
|
+
- **Complexity as signal.** Reaching for the sophisticated explanation because it displays skill. Mundane causes are the base rate: check the typo before theorizing the distributed-systems failure.
|
|
82
|
+
- **Silent scope repair.** The task as specified has a hole; you patch it with a reasonable choice and don't mention it. The choice may be fine — the silence is the defect. Name every hole you filled.
|
|
83
|
+
- **Momentum completion.** Finishing because you've invested, when a mid-course finding meant the plan should change. Sunk work is not evidence the direction was right.
|
|
84
|
+
- **Deference to your own prior output.** Treating what you said earlier in the session as established fact. Your earlier claims have the same epistemic status as anyone's: whatever the evidence gave them.
|
|
85
|
+
|
|
86
|
+
## The self-test — run on every answer before sending
|
|
87
|
+
|
|
88
|
+
1. **Did I answer the question they needed, not just the one they typed?** (Can I state the need behind the ask in one sentence?)
|
|
89
|
+
2. **Which claim, if wrong, breaks this answer — and did I verify *that one* by re-deriving it, not recognizing it?**
|
|
90
|
+
3. **Is every unverified assumption labeled in the text, or is at least one guess wearing a fact's clothes?**
|
|
91
|
+
4. **Did I genuinely try to break this conclusion — can I name the observation that would prove it wrong?**
|
|
92
|
+
5. **Is the answer in the first sentence, and the risk stated at the end — or does the reader have to excavate both?**
|
|
93
|
+
|
|
94
|
+
Any "no" — fix it before sending. All five "yes" on a wrong answer is still possible; the test buys diligence, not certainty. Say so when the stakes warrant it.
|
|
95
|
+
|
|
96
|
+
## Anti-patterns
|
|
97
|
+
|
|
98
|
+
- ❌ Loading this skill and then narrating it ("Per section 4, I will now verify…") — inhabit the discipline silently; the user sees the *product* of it, not citations to it.
|
|
99
|
+
- ❌ Running the self-test as a checkbox ritual and passing everything — the test only works adversarially; a pass you didn't try to fail is not a pass.
|
|
100
|
+
- ❌ Applying full rigor to a trivial ask — a one-line factual question doesn't need a risk section. Depth scales with stakes (section 3 applies to the manual itself).
|
|
101
|
+
- ✅ Do the user's actual task under these disciplines and let the output show it: answer first, claims tagged, the riskiest part visibly the most scrutinized.
|
|
@@ -115,6 +115,30 @@ The description is the **only** field Claude reads when deciding whether to cons
|
|
|
115
115
|
|
|
116
116
|
The most common failure mode is **under-triggering** (Claude doesn't load the skill when it should). Err on the side of *more* trigger phrases — three is the floor, not the ceiling.
|
|
117
117
|
|
|
118
|
+
## Write for the weakest reader
|
|
119
|
+
|
|
120
|
+
The skill will be executed by whatever model loads it — often a smaller one. A top-tier model fills gaps with judgment; a weak one fills them with confident garbage. Encode the judgment explicitly. Preempt these predictable failure modes:
|
|
121
|
+
|
|
122
|
+
1. **Ungrounded claims.** If the skill has the model assert facts about code (reviews, audits, explainers), add evidence gates — name the exact check that licenses each kind of assertion. Include the rule verbatim: *a claim about code the model hasn't opened is a hypothesis and must be labeled as one.*
|
|
123
|
+
- ❌ "Flag unused exports." — the model flags whatever it doesn't recognize.
|
|
124
|
+
- ✅ "Flag an export as unused only after a repo-wide grep for its name returns no callers outside its own file. Read the whole function before judging it, not just the diff hunk."
|
|
125
|
+
2. **Severity inflation / padding.** Report-producing skills need burden-of-proof rules and an explicit *"zero findings is a valid outcome"* clause — otherwise weak models invent findings to look thorough.
|
|
126
|
+
- ❌ "Be rigorous about severity." — everything still gets marked critical.
|
|
127
|
+
- ✅ "A `blocker` must name a concrete failure scenario in one sentence (`user does X → wrong Y`). No scenario → demote to `suggestion`. Zero blockers is a valid result."
|
|
128
|
+
3. **Confabulated success.** Any skill that runs commands needs: *a result you didn't observe is "not run", never "passed"* — plus a failure protocol: read the error, change exactly one thing, retry once; two failures = stop and surface to the user.
|
|
129
|
+
- ❌ "Run the tests and fix any failures." — the model may report "tests pass" without running them.
|
|
130
|
+
- ✅ "Run the test command and quote its summary line in your report. If you did not run it, write `tests: not run`."
|
|
131
|
+
4. **Contrastive examples beat rules.** Weak models imitate examples more than they follow rules. Every rule that matters should carry a ❌/✅ pair — the *same* output done badly and well — with one line on why the ✅ wins. A rule without an example is a suggestion.
|
|
132
|
+
5. **Forking questions.** Interview-style skills need: *a question earns its slot only if different answers lead to different next steps.*
|
|
133
|
+
- ❌ "Should this be robust and user-friendly?" — every answer leads to the same next step; it's filler.
|
|
134
|
+
- ✅ "Postgres or SQLite?" — each answer changes the migration step that follows.
|
|
135
|
+
6. **Re-anchoring.** Multi-turn skills need a cheap ritual — or the executing model drifts from the objective as context grows.
|
|
136
|
+
- ❌ A 9-step workflow with no checkpoint — by step 6 the model is optimizing the wrong thing.
|
|
137
|
+
- ✅ "Before each step, restate the goal in one line. If the step doesn't serve it, stop."
|
|
138
|
+
7. **Context budget.** Every line of the skill is loaded into the executing model's window. Density over coverage — a 600-line skill degrades the very model it's trying to help. Cut before you split; split into `references/` before you exceed ~150 lines.
|
|
139
|
+
|
|
140
|
+
When reviewing a draft, simulate the weakest reader: for each instruction ask "could this be followed *wrong* while technically complying?" If yes, tighten it with a check, a threshold, or an example.
|
|
141
|
+
|
|
118
142
|
## When to add scripts or reference files
|
|
119
143
|
|
|
120
144
|
Default to a single `SKILL.md`. Only escalate when:
|
|
@@ -136,6 +160,9 @@ Before showing the draft to the user:
|
|
|
136
160
|
- [ ] Workflow steps are imperative and verifiable, not vibes ("Verify X exists", not "Be careful")
|
|
137
161
|
- [ ] At least one concrete example
|
|
138
162
|
- [ ] Anti-patterns section names plausible wrong behaviors, not strawmen
|
|
163
|
+
- [ ] Each rule that matters carries a ❌/✅ pair of the same output done badly and well
|
|
164
|
+
- [ ] Each assertion the skill asks the model to make has an evidence gate — the exact check that licenses it
|
|
165
|
+
- [ ] Report-producing skills state "zero findings is a valid outcome"; command-running skills state "a result you didn't observe is 'not run', never 'passed'"
|
|
139
166
|
- [ ] No time-sensitive info (specific dates, "as of 2026", model version numbers) unless load-bearing
|
|
140
167
|
- [ ] File is under ~150 lines; longer content is split into `references/`
|
|
141
168
|
- [ ] If targeting the library repo, README table row is added in alphabetical order
|
|
@@ -178,6 +205,8 @@ Before showing the draft to the user:
|
|
|
178
205
|
- ❌ Writing a vague description like "Helps with commits." — Claude won't trigger it. Always include explicit trigger phrases.
|
|
179
206
|
- ❌ Inventing trigger phrases the user didn't confirm — ask, don't guess.
|
|
180
207
|
- ❌ Padding `SKILL.md` with motivational prose. Every line should change Claude's behavior; if removing it changes nothing, cut it.
|
|
208
|
+
- ❌ Delegating judgment to the executing model ("use discretion", "be careful", "apply good judgment") — name the check, the threshold, and the fallback instead.
|
|
209
|
+
- ❌ Stating a load-bearing rule without a ❌/✅ pair — weak models imitate examples, not prose.
|
|
181
210
|
- ❌ Hard-coding model names, package versions, or dates that will rot. Resolve at runtime when possible.
|
|
182
211
|
- ❌ Putting executable behavior in `SKILL.md` prose when a 10-line script would be deterministic and cheaper.
|
|
183
212
|
- ❌ For library skills: drafting the SKILL.md but forgetting to update the README table — the skill is invisible to anyone browsing the repo.
|