🎯

clean-code

🎯Skill

from xenitv1/claude-code-maestro

What it does

Enforces rigorous code quality, security, and anti-hallucination protocols across all AI-generated code outputs, ensuring production-ready, safe implementations.

📦

Part of

xenitv1/claude-code-maestro(39 items)

clean-code

Installation

Quick InstallInstall with npx

npx skills add xenitV1/claude-code-maestro

Add MarketplaceAdd marketplace to Claude Code

/plugin marketplace add xenitV1/claude-code-maestro

Install PluginInstall plugin from marketplace

/plugin install maestro@xenitV1-claude-code-maestro

📖 Extracted from docs: xenitv1/claude-code-maestro

Need more details? View full documentation on GitHub →

12Installs

AddedFeb 4, 2026

View on GitHub Back to Skills

Skill Details

SKILL.md

The Foundation Skill. LLM Firewall + 2025 Security + Cross-Skill Coordination. Use for ALL code output - prevents hallucinations, enforces security, ensures quality.

Overview

# 🛡️ CLEAN CODE: THE FOUNDATION

> Philosophy: This skill is the FOUNDATION - it applies to ALL other skills. Every piece of code must pass these gates.

ALGORITHMIC ELEGANCE MANDATE (CRITICAL): Never prioritize "clever" code over readable, intent-revealing engineering. AI-generated code often fails by introducing unnecessary abstractions or using vague naming conventions that obscure logic. You MUST use intent-revealing names for every variable and function. Any implementation that increases cognitive complexity without a proportional gain in performance or scalability must be rejected. Avoid "Hype-Driven Development"—proven patterns trump trending but unstable frameworks.

🚨 IRON LAWS

```

NO HALLUCINATED PACKAGES - Verify before import
NO LAZY PLACEHOLDERS - Code must be runnable
NO SECURITY SHORTCUTS - Production-ready defaults
NO OVER-ENGINEERING - Simplest solution first

```

📦 PROTOCOL 1: SUPPLY CHAIN SECURITY

LLMs hallucinate packages that sound real but don't exist.

Verify before import - npm search or pip show for unfamiliar packages
Prefer battle-tested - lodash, date-fns, zod over obscure alternatives
Check npm audit / pip-audit before adding new dependencies
Pin versions in production - no ^ or ~ for critical deps

2025 AI Package Risks:

Never import AI "wrapper" libraries without verification
LLM SDKs: Use official only (openai, anthropic, google-generativeai)
Vector DBs: Stick to established (pinecone, weaviate, chromadb)

🔐 PROTOCOL 2: SECURITY-FIRST DEFAULTS

Frontend Security:

| Forbidden | Required |

|-----------|----------|

| dangerouslySetInnerHTML | DOMPurify sanitization |

| Inline event handlers | Event delegation |

| eval(), new Function() | Static code only |

| Storing tokens in localStorage | httpOnly cookies |

Backend Security:

| Forbidden | Required |

|-----------|----------|

| CORS: * | Explicit origin whitelist |

| Raw SQL strings | Parameterized queries |

| chmod 777 | Principle of least privilege |

| Hardcoded secrets | Environment variables + validation |

API Security (2025):

Rate limiting on ALL public endpoints
Input validation at the gate (Zod/Pydantic)
Output sanitization for AI-generated content
PASETO > JWT for new projects

🏗️ PROTOCOL 3: NO LAZY PLACEHOLDERS

Forbidden Patterns:

```javascript

// ❌ BANNED

// TODO: Implement this

// ... logic goes here

function placeholder() { }

throw new Error('Not implemented');

```

Required:

Every function must be runnable
If too complex, break into smaller complete functions
"Hurry" is not an excuse - write minimal viable implementation

📐 PROTOCOL 4: MODULARITY & STRUCTURE

The 50/300 Rule:

Functions > 50 lines → Break down
Files > 300 lines → Split into modules

SOLID Principles:

| Principle | Quick Check |

|-----------|-------------|

| Single Responsibility | Does this do ONE thing? |

| Open/Closed | Can I extend without modifying? |

| Liskov Substitution | Can subtypes replace parent? |

| Interface Segregation | Are interfaces minimal? |

| Dependency Inversion | Do I depend on abstractions? |

🎯 PROTOCOL 5: COMPLEXITY CAP

Native First:

```javascript

// ❌ Don't install is-odd

npm install is-odd

// ✅ Use native

const isOdd = n => n % 2 !== 0;

```

Anti-Patterns:

AbstractFactoryBuilderManager for simple functions
10 layers of abstraction for CRUD
"Future-proofing" for requirements that don't exist

YAGNI: You Aren't Gonna Need It. Build for today's requirements.

🔄 PROTOCOL 6: DEPENDENCY HYGIENE

Freshness Check:

```bash

npm outdated # Check for updates

npm audit # Check for vulnerabilities

```

The CVE Brake:

"Latest" is not always "Safest"
If latest has Critical CVE → Rollback to last secure version
Security > New Features

2025 Recommended:

| Category | Recommended |

|----------|-------------|

| Validation | zod, valibot |

| HTTP | ky, ofetch |

| State | zustand, jotai |

| ORM | drizzle, prisma |

| Auth | lucia, better-auth |

🤖 PROTOCOL 7: AI-ERA CONSIDERATIONS

When Building AI Features:

Validate AI outputs - Never trust raw LLM responses
Rate limit AI calls - Prevent cost explosions
Sanitize before display - AI can generate malicious content
Log AI interactions - For debugging and compliance

When AI is Writing Code:

Verify imports exist - AI hallucinates packages
Check types are correct - AI guesses at APIs
Test edge cases - AI misses boundary conditions
Review security - AI takes shortcuts

✅ QUICK AUDIT CHECKLIST

Before committing ANY code:

[ ] No hallucinated imports (verified packages exist)
[ ] No security shortcuts (CORS, eval, hardcoded secrets)
[ ] No lazy placeholders (// TODO, empty functions)
[ ] Functions < 50 lines, files < 300 lines
[ ] Dependencies audited (npm audit clean)
[ ] Types are strict (no any)

---

🔗 CROSS-SKILL INTEGRATION

| When Using... | Clean Code Adds... |

|---------------|-------------------|

| @frontend-design | Security defaults, no eval, CSP awareness |

| @backend-design | Input validation, no raw SQL, Zero Trust |

| @tdd-mastery | No placeholders (tests enforce completeness) |

| @planning-mastery | Modularity guides task breakdown |

| @brainstorming | SOLID/YAGNI guide architecture decisions |

| @debug-mastery | Logging standards, no silent failures |

More from this repository10

🎯

maestro🎯Skill

maestro skill from xenitv1/claude-code-maestro

🎯

brainstorming🎯Skill

Collaboratively explores and refines project ideas through systematic design questioning, turning initial concepts into comprehensive, well-structured specifications before implementation.

🎯

mobile-design🎯Skill

Orchestrates complex software architecture through a disciplined governance protocol, enforcing systematic design, continuous learning, and strategic project management.

🎯

powershell-windows🎯Skill

Orchestrates complex software architecture by enforcing a disciplined, strategic approach to project development with persistent memory and specialized expertise delegation.

🎯

python-patterns🎯Skill

Orchestrates complex software architecture through a disciplined, systematic approach with persistent project memory and specialized skill delegation.

🎯

frontend-design🎯Skill

Crafts elite web UI designs with pixel-perfect retro aesthetics, immersive layouts, and UX psychology protocols that prioritize intuitive user experiences.

🎯

react-patterns🎯Skill

Orchestrates complex software architecture by enforcing a disciplined, proactive approach with persistent project memory and strategic expertise delegation.

🎯

architecture🎯Skill

Orchestrates complex software architecture by enforcing a disciplined, strategic approach with persistent project memory and specialized skill delegation.

🎯

i18n-localization🎯Skill

Orchestrates complex software architecture by enforcing a disciplined, systematic approach to project development through strategic planning, continuous verification, and specialized skill delegation.

🎯

code-review-checklist🎯Skill

Governs complex software projects by enforcing architectural discipline, maintaining project continuity, and orchestrating specialized expertise through a systematic lifecycle.