원클릭으로 Manus에서 모든 스킬 실행

$pwd:

clean-code

Name: Clean Code
Author: xenitV1

// The Foundation Skill. LLM Firewall + 2025 Security + Cross-Skill Coordination. Use for ALL code output - prevents hallucinations, enforces security, ensures quality.

Manus에서 실행

$ git log --oneline --stat

stars:212

forks:30

updated:2026년 1월 24일 13:41

SKILL.md

readonly

name	clean-code
description	The Foundation Skill. LLM Firewall + 2025 Security + Cross-Skill Coordination. Use for ALL code output - prevents hallucinations, enforces security, ensures quality.

<domain_overview>

🛡️ CLEAN CODE: THE FOUNDATION

Philosophy: This skill is the FOUNDATION - it applies to ALL other skills. Every piece of code must pass these gates. ALGORITHMIC ELEGANCE MANDATE (CRITICAL): Never prioritize "clever" code over readable, intent-revealing engineering. AI-generated code often fails by introducing unnecessary abstractions or using vague naming conventions that obscure logic. You MUST use intent-revealing names for every variable and function. Any implementation that increases cognitive complexity without a proportional gain in performance or scalability must be rejected. Avoid "Hype-Driven Development"—proven patterns trump trending but unstable frameworks. </domain_overview> <iron_laws>

🚨 IRON LAWS

1. NO HALLUCINATED PACKAGES - Verify before import
2. NO LAZY PLACEHOLDERS - Code must be runnable
3. NO SECURITY SHORTCUTS - Production-ready defaults
4. NO OVER-ENGINEERING - Simplest solution first

</iron_laws> <security_protocols>

📦 PROTOCOL 1: SUPPLY CHAIN SECURITY

LLMs hallucinate packages that sound real but don't exist.

Verify before import - npm search or pip show for unfamiliar packages
Prefer battle-tested - lodash, date-fns, zod over obscure alternatives
Check npm audit / pip-audit before adding new dependencies
Pin versions in production - no ^ or ~ for critical deps 2025 AI Package Risks:

Never import AI "wrapper" libraries without verification
LLM SDKs: Use official only (openai, anthropic, google-generativeai)
Vector DBs: Stick to established (pinecone, weaviate, chromadb)

🔐 PROTOCOL 2: SECURITY-FIRST DEFAULTS

Frontend Security:

Forbidden	Required
`dangerouslySetInnerHTML`	DOMPurify sanitization
Inline event handlers	Event delegation
`eval()`, `new Function()`	Static code only
Storing tokens in localStorage	httpOnly cookies
Backend Security:
Forbidden	Required
-----------	----------
`CORS: *`	Explicit origin whitelist
Raw SQL strings	Parameterized queries
`chmod 777`	Principle of least privilege
Hardcoded secrets	Environment variables + validation
API Security (2025):

Rate limiting on ALL public endpoints
Input validation at the gate (Zod/Pydantic)
Output sanitization for AI-generated content
PASETO > JWT for new projects </security_protocols> <modularity_and_placeholder_rules>

🏗️ PROTOCOL 3: NO LAZY PLACEHOLDERS

Forbidden Patterns:

// ❌ BANNED
// TODO: Implement this
// ... logic goes here
function placeholder() { }
throw new Error('Not implemented');

Required:

Every function must be runnable
If too complex, break into smaller complete functions
"Hurry" is not an excuse - write minimal viable implementation

📐 PROTOCOL 4: MODULARITY & STRUCTURE

The 50/300 Rule:

Functions > 50 lines → Break down
Files > 300 lines → Split into modules SOLID Principles: | Principle | Quick Check | |-----------|-------------| | Single Responsibility | Does this do ONE thing? | | Open/Closed | Can I extend without modifying? | | Liskov Substitution | Can subtypes replace parent? | | Interface Segregation | Are interfaces minimal? | | Dependency Inversion | Do I depend on abstractions? | </modularity_and_placeholder_rules> <complexity_and_dependencies>

🎯 PROTOCOL 5: COMPLEXITY CAP

Native First:

// ❌ Don't install is-odd
npm install is-odd
// ✅ Use native
const isOdd = n => n % 2 !== 0;

Anti-Patterns:

AbstractFactoryBuilderManager for simple functions
10 layers of abstraction for CRUD
"Future-proofing" for requirements that don't exist YAGNI: You Aren't Gonna Need It. Build for today's requirements.

🔄 PROTOCOL 6: DEPENDENCY HYGIENE

Freshness Check:

npm outdated      # Check for updates
npm audit         # Check for vulnerabilities

The CVE Brake:

"Latest" is not always "Safest"
If latest has Critical CVE → Rollback to last secure version
Security > New Features 2025 Recommended: | Category | Recommended | |----------|-------------| | Validation | zod, valibot | | HTTP | ky, ofetch | | State | zustand, jotai | | ORM | drizzle, prisma | | Auth | lucia, better-auth | </complexity_and_dependencies> <ai_era_protocols>

🤖 PROTOCOL 7: AI-ERA CONSIDERATIONS

When Building AI Features:

Validate AI outputs - Never trust raw LLM responses
Rate limit AI calls - Prevent cost explosions
Sanitize before display - AI can generate malicious content
Log AI interactions - For debugging and compliance When AI is Writing Code:
Verify imports exist - AI hallucinates packages
Check types are correct - AI guesses at APIs
Test edge cases - AI misses boundary conditions
Review security - AI takes shortcuts </ai_era_protocols> <audit_and_reference>

✅ QUICK AUDIT CHECKLIST

Before committing ANY code:

No hallucinated imports (verified packages exist)
No security shortcuts (CORS, eval, hardcoded secrets)
No lazy placeholders (// TODO, empty functions)
Functions < 50 lines, files < 300 lines
Dependencies audited (npm audit clean)
Types are strict (no any)

🔗 CROSS-SKILL INTEGRATION

When Using...	Clean Code Adds...
`@frontend-design`	Security defaults, no eval, CSP awareness
`@backend-design`	Input validation, no raw SQL, Zero Trust
`@tdd-mastery`	No placeholders (tests enforce completeness)
`@planning-mastery`	Modularity guides task breakdown
`@brainstorming`	SOLID/YAGNI guide architecture decisions
`@debug-mastery`	Logging standards, no silent failures
</audit_and_reference>

related-skills.json

같은 저장소

maestro.md

from "xenitV1/claude-code-maestro"

Use when you need to act as an Elite Software Architect (Maestro) to manage complex repositories. It enforces a "Why over How" philosophy, maintains a persistent project memory (Brain), and orchestrates specialized sub-skills through a Plan-Act-Verify lifecycle.

2026-01-24212

backend-design.md

from "xenitV1/claude-code-maestro"

Elite Tier Backend standards, including Vertical Slice Architecture, Zero Trust Security, and High-Performance API protocols.

2026-01-24212

brainstorming.md

from "xenitV1/claude-code-maestro"

Design-first methodology. Explore user intent, requirements and design before implementation. Turn ideas into fully formed specs through collaborative dialogue.

2026-01-24212

browser-extension.md

from "xenitV1/claude-code-maestro"

Master specialized skill for building 2025/2026-grade browser extensions. Deep expertise in Manifest v3, Service Worker persistence (Alarms, Offscreen API), Side Panel API, and Cross-Browser compatibility.

2026-01-24212

debug-mastery.md

from "xenitV1/claude-code-maestro"

Systematic debugging methodology with 4-phase process, root cause tracing, and elite observability standards. No fixes without investigation.

2026-01-24212

frontend-design.md

from "xenitV1/claude-code-maestro"

Elite Tier Web UI standards, including pixel-perfect retro aesthetics, immersive layouts, and UX psychology protocols.

2026-01-24212

package.json

"author": "xenitV1"

"repository": "xenitV1/claude-code-maestro"

GitHub 저장소 열기 Creator 저장소 보기

$ install --global

$ download --local

Manus에서 실행

$ useful --forSOC

소프트웨어 개발자컴퓨터 및 수학직15-1252L4

name	clean-code
description	The Foundation Skill. LLM Firewall + 2025 Security + Cross-Skill Coordination. Use for ALL code output - prevents hallucinations, enforces security, ensures quality.

<domain_overview>

🛡️ CLEAN CODE: THE FOUNDATION

Philosophy: This skill is the FOUNDATION - it applies to ALL other skills. Every piece of code must pass these gates. ALGORITHMIC ELEGANCE MANDATE (CRITICAL): Never prioritize "clever" code over readable, intent-revealing engineering. AI-generated code often fails by introducing unnecessary abstractions or using vague naming conventions that obscure logic. You MUST use intent-revealing names for every variable and function. Any implementation that increases cognitive complexity without a proportional gain in performance or scalability must be rejected. Avoid "Hype-Driven Development"—proven patterns trump trending but unstable frameworks. </domain_overview> <iron_laws>

🚨 IRON LAWS

1. NO HALLUCINATED PACKAGES - Verify before import
2. NO LAZY PLACEHOLDERS - Code must be runnable
3. NO SECURITY SHORTCUTS - Production-ready defaults
4. NO OVER-ENGINEERING - Simplest solution first

</iron_laws> <security_protocols>

📦 PROTOCOL 1: SUPPLY CHAIN SECURITY

LLMs hallucinate packages that sound real but don't exist.

Verify before import - npm search or pip show for unfamiliar packages
Prefer battle-tested - lodash, date-fns, zod over obscure alternatives
Check npm audit / pip-audit before adding new dependencies
Pin versions in production - no ^ or ~ for critical deps 2025 AI Package Risks:

Never import AI "wrapper" libraries without verification
LLM SDKs: Use official only (openai, anthropic, google-generativeai)
Vector DBs: Stick to established (pinecone, weaviate, chromadb)

🔐 PROTOCOL 2: SECURITY-FIRST DEFAULTS

Frontend Security:

Forbidden	Required
`dangerouslySetInnerHTML`	DOMPurify sanitization
Inline event handlers	Event delegation
`eval()`, `new Function()`	Static code only
Storing tokens in localStorage	httpOnly cookies
Backend Security:
Forbidden	Required
-----------	----------
`CORS: *`	Explicit origin whitelist
Raw SQL strings	Parameterized queries
`chmod 777`	Principle of least privilege
Hardcoded secrets	Environment variables + validation
API Security (2025):

Rate limiting on ALL public endpoints
Input validation at the gate (Zod/Pydantic)
Output sanitization for AI-generated content
PASETO > JWT for new projects </security_protocols> <modularity_and_placeholder_rules>

🏗️ PROTOCOL 3: NO LAZY PLACEHOLDERS

Forbidden Patterns:

// ❌ BANNED
// TODO: Implement this
// ... logic goes here
function placeholder() { }
throw new Error('Not implemented');

Required:

Every function must be runnable
If too complex, break into smaller complete functions
"Hurry" is not an excuse - write minimal viable implementation

📐 PROTOCOL 4: MODULARITY & STRUCTURE

The 50/300 Rule:

Functions > 50 lines → Break down
Files > 300 lines → Split into modules SOLID Principles: | Principle | Quick Check | |-----------|-------------| | Single Responsibility | Does this do ONE thing? | | Open/Closed | Can I extend without modifying? | | Liskov Substitution | Can subtypes replace parent? | | Interface Segregation | Are interfaces minimal? | | Dependency Inversion | Do I depend on abstractions? | </modularity_and_placeholder_rules> <complexity_and_dependencies>

🎯 PROTOCOL 5: COMPLEXITY CAP

Native First:

// ❌ Don't install is-odd
npm install is-odd
// ✅ Use native
const isOdd = n => n % 2 !== 0;

Anti-Patterns:

AbstractFactoryBuilderManager for simple functions
10 layers of abstraction for CRUD
"Future-proofing" for requirements that don't exist YAGNI: You Aren't Gonna Need It. Build for today's requirements.

🔄 PROTOCOL 6: DEPENDENCY HYGIENE

Freshness Check:

npm outdated      # Check for updates
npm audit         # Check for vulnerabilities

The CVE Brake:

"Latest" is not always "Safest"
If latest has Critical CVE → Rollback to last secure version
Security > New Features 2025 Recommended: | Category | Recommended | |----------|-------------| | Validation | zod, valibot | | HTTP | ky, ofetch | | State | zustand, jotai | | ORM | drizzle, prisma | | Auth | lucia, better-auth | </complexity_and_dependencies> <ai_era_protocols>

🤖 PROTOCOL 7: AI-ERA CONSIDERATIONS

When Building AI Features:

Validate AI outputs - Never trust raw LLM responses
Rate limit AI calls - Prevent cost explosions
Sanitize before display - AI can generate malicious content
Log AI interactions - For debugging and compliance When AI is Writing Code:
Verify imports exist - AI hallucinates packages
Check types are correct - AI guesses at APIs
Test edge cases - AI misses boundary conditions
Review security - AI takes shortcuts </ai_era_protocols> <audit_and_reference>

✅ QUICK AUDIT CHECKLIST

Before committing ANY code:

No hallucinated imports (verified packages exist)
No security shortcuts (CORS, eval, hardcoded secrets)
No lazy placeholders (// TODO, empty functions)
Functions < 50 lines, files < 300 lines
Dependencies audited (npm audit clean)
Types are strict (no any)

🔗 CROSS-SKILL INTEGRATION

When Using...	Clean Code Adds...
`@frontend-design`	Security defaults, no eval, CSP awareness
`@backend-design`	Input validation, no raw SQL, Zero Trust
`@tdd-mastery`	No placeholders (tests enforce completeness)
`@planning-mastery`	Modularity guides task breakdown
`@brainstorming`	SOLID/YAGNI guide architecture decisions
`@debug-mastery`	Logging standards, no silent failures
</audit_and_reference>

clean-code

🛡️ CLEAN CODE: THE FOUNDATION

🚨 IRON LAWS

📦 PROTOCOL 1: SUPPLY CHAIN SECURITY

🔐 PROTOCOL 2: SECURITY-FIRST DEFAULTS

🏗️ PROTOCOL 3: NO LAZY PLACEHOLDERS

📐 PROTOCOL 4: MODULARITY & STRUCTURE

🎯 PROTOCOL 5: COMPLEXITY CAP

🔄 PROTOCOL 6: DEPENDENCY HYGIENE

🤖 PROTOCOL 7: AI-ERA CONSIDERATIONS

✅ QUICK AUDIT CHECKLIST

🔗 CROSS-SKILL INTEGRATION

이 저장소의 다른 Skills

이 저장소의 다른 Skills

🛡️ CLEAN CODE: THE FOUNDATION

🚨 IRON LAWS

📦 PROTOCOL 1: SUPPLY CHAIN SECURITY

🔐 PROTOCOL 2: SECURITY-FIRST DEFAULTS

🏗️ PROTOCOL 3: NO LAZY PLACEHOLDERS

📐 PROTOCOL 4: MODULARITY & STRUCTURE

🎯 PROTOCOL 5: COMPLEXITY CAP

🔄 PROTOCOL 6: DEPENDENCY HYGIENE

🤖 PROTOCOL 7: AI-ERA CONSIDERATIONS

✅ QUICK AUDIT CHECKLIST

🔗 CROSS-SKILL INTEGRATION