Pragmatic coding standards - concise, direct, no over-engineering, no unnecessary comments
Security Analysis
Confidence: high
This is an instruction-only coding-style skill whose requirements and instructions are consistent with its stated purpose, but it asks agents to run repository-local validation scripts and to make broad edits to dependent files, so review changes and any scripts the agent might execute before trusting it with write access.
The name/description (pragmatic coding standards) match the SKILL.md content: naming/function rules, anti-patterns, and a pre-completion checklist. There are no unexpected environment variables, binaries, or installs requested that would be inconsistent with a style/quality guideline skill.
The instructions focus on editing code, running checks, and verifying changes, which is appropriate. However the skill mandates that agents 'Edit the file + all dependent files in the SAME task' and includes a mapping of repository-local verification scripts under .agent/skills/... — this encourages broad repository reads/writes and execution of local scripts. That is coherent for a code-editing workflow but increases the scope of changes an agent may perform and the number of files it may touch, so operators should prefer review-before-commit and limit write permissions.
No install specification or downloaded code is present; the skill is instruction-only, which is the lowest install risk.
The skill declares no environment variables, credentials, or config paths. The SKILL.md references only repository-local paths and test/lint scripts; it does not request or reference external secret values or unrelated services.
The skill does not request always:true or any persistent system-level privileges. Model invocation is enabled (the platform default), which is normal for skills and not by itself a concern.
Guidance
This skill appears to be a straightforward coding-style instruction set and is internally consistent. Before installing or allowing it to run with write/execute permissions: (1) confirm you trust the agent and repository, because the skill encourages editing dependent files in the same task (which can produce wide-ranging changes), (2) review any .agent/skills/... scripts the agent will run — they execute code from the workspace and might run networked commands, and (3) prefer a workflow where the agent proposes changes as patches or a pull request for human review rather than committing automatically. If you need tighter control, restrict the agent's ability to execute repository scripts or require explicit confirmation before running verification scripts or applying edits.
Latest Release
v1.0.0
Major update: The skill has been overhauled for strict, pragmatic coding standards and robust validation requirements.
- Expanded coding standards with explicit, actionable "Do" and "Don't" lists, core principles, and anti-pattern tables.
- Added mandatory self-checklists for agents to validate goal completion, code correctness, and coverage of all requirements before completing tasks.
- Introduced required validation script mapping per agent skill, with strict output handling, summarized reporting, and confirmation before fixing issues.
- Enforced concise, self-documenting code: no unnecessary comments or abstractions; small, focused functions; and direct responses to user requests.
- Updated rules for naming, code structure, and file editing responsibilities to prevent breakage and ensure maintainability.
- Raised skill priority to CRITICAL and version to 2.0.
Published by @gabrielsubtil on ClawHub