bash-defensive-patterns

by wshobson

bash-defensive-patterns helps agents write safer Bash for production automation, CI/CD, and system scripts with strict mode, traps, cleanup, quoting, and input validation.

Stars32.6k

Favorites0

Comments0

AddedMar 30, 2026

CategoryBackend Development

Install Command

npx skills add wshobson/agents --skill bash-defensive-patterns

Curation Score

This skill scores 78/100, which makes it a solid directory listing candidate for users who want reusable Bash hardening guidance rather than a runnable automation package. The repository evidence shows substantial, non-placeholder content with clear usage triggers and practical code examples, so an agent can likely invoke it appropriately and get more reliable shell patterns than from a generic prompt. The main limitation for install decisions is that it is documentation-only, with no support files, scripts, or explicit quick-start/install flow.

78/100

Strengths

Strong triggerability: the description and 'When to Use This Skill' section clearly target production Bash, CI/CD, and system utility scripting.
Substantial operational content: long SKILL.md with code fences and concrete topics like strict mode, traps, cleanup, and safety practices.
Credible non-placeholder artifact: valid frontmatter, large body, no placeholder or experimental signals, and focused defensive-programming scope.

Cautions

Adoption is doc-driven only: there are no scripts, reference files, or companion resources to reduce execution guesswork further.
Install decision clarity is limited by missing install/quick-start guidance and relatively low practical workflow signals in the repository evidence.

Bash Shell Scripting Cli Automation Ci Cd Devops Reliability Configuration

Overview

Overview of bash-defensive-patterns skill

What bash-defensive-patterns skill does

The bash-defensive-patterns skill teaches an agent how to write safer Bash for production automation, not just syntactically correct shell snippets. It focuses on failure handling, cleanup, quoting, input validation, and patterns that reduce silent breakage in CI jobs, deploy scripts, cron tasks, and system utilities.

Who should install it

This skill is a strong fit for backend engineers, DevOps teams, SREs, platform engineers, and anyone using Bash in operational paths where a bad script can delete files, hide errors, or leave partial state behind. It is especially useful as bash-defensive-patterns for Backend Development when shell code glues together builds, deployments, backups, migrations, and environment setup.

The real job-to-be-done

Most users do not need “more Bash.” They need Bash that fails early, reports clearly, cleans up reliably, and behaves predictably under edge cases. The bash-defensive-patterns skill is valuable when you want an agent to generate or review scripts with production risk in mind rather than treating shell as disposable glue code.

What makes it different from a generic shell prompt

A generic prompt often returns scripts that work on the happy path but miss set -Eeuo pipefail, traps, safe temp handling, defensive quoting, and clear exit behavior. This skill is opinionated about robust defaults and pushes output toward production-grade patterns instead of quick one-off commands.

What to know before adopting

The repository is a single SKILL.md document rather than a code-heavy package. That makes bash-defensive-patterns install simple, but also means value comes from how well you invoke it with context. If you give the agent your operating environment, failure modes, and script purpose, this skill can materially improve output quality; if you only ask for “a bash script,” results will be less differentiated.

How to Use bash-defensive-patterns skill

Install context for bash-defensive-patterns skill

If your agent platform supports Skills from GitHub repositories, add the source repository and then invoke bash-defensive-patterns by name in your task. A common pattern is:

npx skills add https://github.com/wshobson/agents

Then ask the agent to use the bash-defensive-patterns skill while writing or reviewing a script. The repository path for this skill is:

plugins/shell-scripting/skills/bash-defensive-patterns

Read this file first

Start with:

SKILL.md

This skill has no extra support files, so nearly all of the decision-making guidance is in that one document. That is good for fast evaluation: you can skim the headings and quickly tell whether the guidance matches your Bash safety standards.

Best use cases in practice

Use bash-defensive-patterns usage when you need the agent to:

generate a new production shell script
harden an existing script before release
review CI/CD Bash for unsafe assumptions
add cleanup and error traps
improve logging and failure visibility
validate inputs, paths, and external command dependencies

Inputs the skill needs to work well

For high-quality output, provide more than the desired script outcome. Include:

target shell: bash version if known
execution environment: local Linux, macOS, container, CI runner
whether the script is interactive or non-interactive
allowed external tools: jq, curl, awk, sed, mktemp, etc.
failure policy: fail fast, retry, continue on partial errors
side effects: file writes, temp dirs, network calls, deletes
security concerns: secrets, destructive commands, path safety

Without this context, the agent may still apply defensive patterns, but it cannot tailor them to your environment.

Turn a rough request into a strong prompt

Weak prompt:

“Write a bash deploy script.”

Stronger prompt:

“Use the bash-defensive-patterns skill to write a non-interactive Bash deploy script for a Linux CI runner. It should use set -Eeuo pipefail, validate required env vars, check dependencies, create and clean up a temp directory, log failed commands with line numbers, and abort safely before any destructive step if prechecks fail.”

The stronger version improves output because it tells the agent what kind of failure handling and operational behavior actually matter.

Prompt template for new scripts

Use this template for bash-defensive-patterns guide style requests:

Goal: what the script accomplishes
Environment: where it runs
Inputs: flags, env vars, files, secrets
External commands: what is available
Failure handling: retries, rollback, cleanup, exit codes
Safety rules: no unquoted expansions, no unsafe rm, validate paths
Output preference: full script, review notes, or patch against existing code

This structure helps the skill produce code that is safer and easier to adopt directly.

Prompt template for reviewing existing Bash

If you already have a script, ask for targeted review instead of a rewrite:

“Use bash-defensive-patterns to review this Bash script for strict mode issues, quoting bugs, unsafe temp handling, missing cleanup, unchecked command failures, and poor error messages. Return a prioritized list of risks, then a corrected version.”

This works well because the skill is strongly oriented toward common shell failure modes.

Practical workflow that saves time

A good workflow is:

Generate or paste the script.
Ask the agent to apply bash-defensive-patterns.
Review traps, cleanup, and strict mode behavior manually.
Run shellcheck separately if available.
Test unhappy paths, not just success paths.

The skill helps with robust structure, but you still want execution tests for real paths and failures.

What the skill is likely to improve

Based on the source, expect emphasis on:

strict mode with set -Eeuo pipefail
ERR and EXIT traps
cleanup for temp resources
safer variable handling
guarding against edge cases
writing scripts that are maintainable under production pressure

That makes it more useful for operational Bash than for quick ad hoc command lines.

Constraints and tradeoffs

bash-defensive-patterns is not a Bash runtime, linter, or compatibility test suite. It gives guidance and code patterns, but it cannot verify that every construct behaves the same across all environments unless you specify your target platform. Also, strict defensive style can make short scripts look heavier; that is a feature for production workflows, but may feel excessive for throwaway local use.

When to skip this skill

Do not lead with this skill if:

you only need a one-line shell command
the task should be implemented in Python, Go, or another safer language
your environment is sh or dash rather than Bash
you want minimal scripts with no operational overhead

In those cases, bash-defensive-patterns skill may be more structure than you need.

bash-defensive-patterns skill FAQ

Is bash-defensive-patterns skill good for beginners?

Yes, if you are learning Bash for real operational work rather than toy examples. The guidance is practical and centered on avoiding common mistakes. Absolute beginners may need some extra explanation of traps, exit codes, and strict mode side effects, but the patterns are worth learning early.

Is bash-defensive-patterns install worth it if I already use ShellCheck?

Yes. ShellCheck and bash-defensive-patterns do different jobs. ShellCheck flags many syntax and style issues; this skill helps the agent choose safer overall script structure, cleanup flow, validation strategy, and failure semantics. They work well together.

Does bash-defensive-patterns usage fit CI/CD work?

Very well. CI and deployment scripts often fail in brittle ways: hidden pipeline errors, missing env vars, partial state, and unclear logs. This skill directly targets those failure classes, which is why it is a strong fit for Backend Development and delivery automation.

Can I use it for reviewing old scripts instead of generating new ones?

Yes. That is one of the best uses. Ask the agent to audit for unsafe expansions, missing trap usage, lack of dependency checks, weak input validation, and destructive commands without safeguards. You will usually get more value from targeted hardening than from a wholesale rewrite.

When is an ordinary prompt enough?

An ordinary prompt is enough for disposable local scripts, exploration, or quick command composition. Use bash-defensive-patterns when the script will be shared, scheduled, run in CI, or trusted with files, credentials, or deployment state.

Are there any adoption blockers?

The main blocker is not installation complexity; it is input quality. Because the repository is a single guidance file, the skill works best when you tell the agent about environment, risk tolerance, and operational constraints. If you omit those, output may still be reasonable but less production-ready.

How to Improve bash-defensive-patterns skill

Give operational constraints up front

The fastest way to improve bash-defensive-patterns output is to specify:

Bash version
platform
available commands
whether failure should abort or partially continue
cleanup requirements
whether destructive actions are allowed

These details change the right defensive pattern choices.

Ask for failure-path design, not just code

A better request is:

“Generate the script and explain how it behaves on dependency failure, bad input, network timeout, and cleanup.”

That pushes the skill to surface real operational behavior instead of returning a script that only looks tidy.

Provide concrete unsafe areas to review

When improving an existing script, point the agent to likely risks:

temp file handling
wildcard expansion
loops over filenames
pipeline error masking
missing quotes
secret leakage in logs
partial deploy rollback

This gets better results than asking for a generic “make it safer.”

Request an opinionated patch

If the first answer is too vague, ask for:

a unified diff
a rewritten header with strict mode and traps
a preflight validation section
logging helpers
a cleanup function
explicit exit codes

These requests force the bash-defensive-patterns skill to produce changes you can apply directly.

Test the strict mode assumptions

One common failure mode is adopting strict mode without handling commands that are expected to return non-zero. Ask the agent to identify where set -e or pipefail could cause unwanted exits and to rewrite those sections intentionally. This is often the biggest gap between “defensive” and “actually usable.”

Ask for comments only where risk is non-obvious

Defensive Bash can become noisy. If the first output is over-commented, request:

“Keep comments only on non-obvious defensive choices.”

That preserves safety while making the final script easier to maintain.

Iterate with real error examples

The best refinement loop is to paste actual failures:

“In CI, this failed because $ARTIFACT_DIR was unset.”
“Cleanup did not run after a command in a function failed.”
“The script broke on filenames with spaces.”

Real failures let the skill apply the right defensive pattern instead of guessing.

Pair bash-defensive-patterns with validation tools

For stronger results, use this skill with:

shellcheck for static analysis
execution tests for success and failure cases
a minimal container or CI job matching production
sample bad inputs, not just happy-path fixtures

The skill improves script design; tooling confirms behavior.

Know when to move beyond Bash

Sometimes the best improvement is not more Bash. If your script needs complex parsing, concurrency, structured error propagation, or cross-platform guarantees, ask the agent whether the job should move to Python or Go. Using bash-defensive-patterns well includes knowing when Bash is the wrong tool.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

azure-identity-py

by microsoft

azure-identity-py helps set up Azure authentication in Python with Microsoft Entra ID. Use it to choose DefaultAzureCredential, managed identity, or service principal auth, configure environment variables, and troubleshoot access control and credential chain issues. Install guidance, usage patterns, and practical setup notes are based on the repo skill file.

Access Control

Favorites 0GitHub 2.2k

wrangler

by cloudflare

The wrangler skill helps you find correct CLI commands, config shapes, and deployment steps for Cloudflare Workers. Use it for wrangler usage, wrangler install checks, and a practical wrangler guide when building or shipping Workers for Backend Development.

Backend Development

Favorites 0GitHub 1.3k

clickhouse-best-practices

by ClickHouse

clickhouse-best-practices is a ClickHouse best practices skill for Database Engineering. It guides schema design, query tuning, insert strategy, and agent connectivity with rule-based recommendations, making clickhouse-best-practices usage easier to trigger, review, and cite in ClickHouse workflows.

Database Engineering

Favorites 0GitHub 412

clickhouse-architecture-advisor

by ClickHouse

clickhouse-architecture-advisor helps design ClickHouse workloads with workload-aware decisions for ingestion, partitioning, joins, dictionaries, upserts, and pre-aggregation. It is especially useful for Backend Development, observability, SIEM, product analytics, IoT telemetry, and financial pipelines. The skill labels guidance as official, derived, or field.

Backend Development

Favorites 0GitHub 412

chdb-datastore

by ClickHouse

chdb-datastore is a pandas-compatible skill for fast data analysis with a ClickHouse-backed DataStore API. It supports file, database, and cloud connectors, cross-source joins, and minimal code changes for pandas-style workflows. Use this chdb-datastore guide when you want a drop-in analysis layer for larger datasets.

Data Analysis

Favorites 0GitHub 0

aspnet-core

by openai

The aspnet-core skill helps you build, review, refactor, and upgrade ASP.NET Core apps using current framework guidance. It is built for backend development, APIs, server-rendered apps, Blazor, SignalR, gRPC, and hosted services, with decision-first guidance for app model choice, Program.cs setup, DI, configuration, security, testing, and deployment.

Backend Development

Favorites 0GitHub 18.6k

azure-identity-ts

by microsoft

azure-identity-ts helps TypeScript apps authenticate to Azure services with @azure/identity. Use this skill to choose the right credential for local development, production, CI/CD, managed identity, service principals, workload identity, or browser login. It is especially useful for Backend Development and clear azure-identity-ts guide workflows.

Backend Development

Favorites 0GitHub 2.3k

azure-search-documents-py

by microsoft

azure-search-documents-py is the Python Azure AI Search skill for backend development, covering install, auth, index design, vector search, hybrid search, semantic ranking, and agentic retrieval. Use the azure-search-documents-py skill when you need practical guidance from setup to working query patterns.

Backend Development

Favorites 0GitHub 2.3k

azure-servicebus-dotnet

by microsoft

azure-servicebus-dotnet helps .NET backend teams use Azure Service Bus with queues, topics, subscriptions, sessions, and dead-letter handling. It covers install, authentication, connection setup, and practical usage of Azure.Messaging.ServiceBus for reliable messaging in backend development.

Backend Development

Favorites 0GitHub 2.2k

azure-cosmos-db-py

by microsoft

azure-cosmos-db-py helps you build Azure Cosmos DB NoSQL persistence in Python/FastAPI with production-ready patterns for client setup, dual auth, partition-aware CRUD, parameterized queries, and testable service layers. Use the azure-cosmos-db-py skill when you need a practical guide for backend development, local emulator support, and reusable Cosmos DB implementation patterns.

Backend Development

Favorites 0GitHub 2.2k

mcp-server-patterns

by affaan-m

mcp-server-patterns is a practical guide for MCP Server Development with the Node/TypeScript SDK. Learn when to use tools, resources, prompts, Zod validation, and stdio vs Streamable HTTP, with current API notes for safer implementation and debugging.

MCP Server Development

Favorites 0GitHub 156.2k

laravel-tdd

by affaan-m

laravel-tdd is a Laravel test-driven-development guide for PHPUnit and Pest. It helps with unit, feature, and integration test choices, database strategy, fakes, coverage targets, and a practical workflow for test automation.

Test Automation

Favorites 0GitHub 156.2k

django-security

by affaan-m

django-security is a practical guide for hardening Django apps with authentication, authorization, CSRF, XSS, SQL injection prevention, secure cookies, and production settings. It helps developers and reviewers run a focused Security Audit, quickly spot risky config, and apply concrete fixes before deployment.

Security Audit

Favorites 0GitHub 156.1k

uv-package-manager

by wshobson

Use the uv-package-manager skill to plan installs, migrate from pip or Poetry, and apply practical uv workflows for Python project setup, lockfiles, CI, Docker, and workspaces.

Project Setup

Favorites 0GitHub 32.6k

performance-optimization

by addyosmani

The performance-optimization skill helps you measure first, find the real bottleneck, fix it, and verify results. Use it when performance requirements exist, you suspect a regression, or Core Web Vitals, load times, or interaction latency need improvement.

Performance Optimization

Favorites 0GitHub 18.7k

chatgpt-apps

by openai

chatgpt-apps is the skill for building or fixing ChatGPT Apps SDK projects that pair an MCP server with a widget UI. Use it for docs-aligned setup, tool design, bridge wiring, resource registration, metadata, CSP, and repo validation. It also supports chatgpt-apps for Backend Development when backend and UI must be designed together.

Backend Development

Favorites 0GitHub 18.6k