Apply consistent security, performance, and accessibility standards across all recommendations. Use when reviewing code, designing features, or validating implementations. Cross-cutting skill for all agents.
/plugin marketplace add rsmdt/the-startup/plugin install team@the-startupThis skill inherits all available tools. When active, it can use any tool Claude has access to.
checklists/accessibility-checklist.mdchecklists/performance-checklist.mdchecklists/security-checklist.mdA cross-cutting skill that enforces consistent security, performance, and quality standards across all agent recommendations. This skill provides actionable checklists aligned with industry standards.
Covers common vulnerability prevention aligned with OWASP Top 10. Apply these checks to any code that handles user input, authentication, data storage, or external communications.
See: checklists/security-checklist.md
Covers optimization patterns for frontend, backend, and database operations. Apply these checks when performance is a concern or during code review.
See: checklists/performance-checklist.md
Covers WCAG 2.1 Level AA compliance. Apply these checks to all user-facing components to ensure inclusive design.
See: checklists/accessibility-checklist.md
All agents should recommend these error handling approaches:
Validate inputs at system boundaries and fail immediately with clear error messages. Do not allow invalid data to propagate through the system.
// At API boundary
function handleRequest(input) {
const validation = validateInput(input);
if (!validation.valid) {
throw new ValidationError(validation.errors);
}
// Process validated input
}
Create domain-specific error types that carry context about what failed and why. Generic errors lose valuable debugging information.
class PaymentDeclinedError extends Error {
constructor(reason, transactionId) {
super(`Payment declined: ${reason}`);
this.reason = reason;
this.transactionId = transactionId;
}
}
Never expose internal error details to users. Log full context internally, present sanitized messages externally.
try {
await processPayment(order);
} catch (error) {
logger.error('Payment failed', {
error,
orderId: order.id,
userId: user.id
});
throw new UserFacingError('Payment could not be processed. Please try again.');
}
When non-critical operations fail, degrade gracefully rather than failing entirely. Define what is critical vs. optional.
async function loadDashboard() {
const [userData, analytics, recommendations] = await Promise.allSettled([
fetchUserData(), // Critical - fail if missing
fetchAnalytics(), // Optional - show placeholder
fetchRecommendations() // Optional - hide section
]);
if (userData.status === 'rejected') {
throw new Error('Cannot load dashboard');
}
return {
user: userData.value,
analytics: analytics.value ?? null,
recommendations: recommendations.value ?? []
};
}
For transient failures (network, rate limits), implement exponential backoff with maximum attempts.
async function fetchWithRetry(url, maxAttempts = 3) {
for (let attempt = 1; attempt <= maxAttempts; attempt++) {
try {
return await fetch(url);
} catch (error) {
if (attempt === maxAttempts) throw error;
await sleep(Math.pow(2, attempt) * 100); // 200ms, 400ms, 800ms
}
}
}
checklists/security-checklist.md - OWASP-aligned security checkschecklists/performance-checklist.md - Performance optimization checklistchecklists/accessibility-checklist.md - WCAG 2.1 AA compliance checklistThis skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.