vibe-check

Audit code for "vibe coding sins" — patterns that indicate AI-generated code was accepted without proper review. Produces a scored report card with fix suggestions.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "vibe-check" with this command: npx skills add tkuehnl/vibe-check

🎭 Vibe Check

Audit code for "vibe coding" — AI-generated code accepted without proper human review. Get a scored report card with specific findings and fix suggestions.

Trigger

Activate when the user mentions any of:

  • "vibe check"
  • "vibe-check"
  • "audit code"
  • "code quality"
  • "vibe score"
  • "check my code"
  • "review this code for vibe coding"
  • "code review"
  • "vibe audit"

Instructions

1. Determine the Target

Ask the user what code to analyze. Accepted inputs:

  • Single file: app.py, src/utils.ts
  • Directory: src/, ., my-project/
  • Git diff: last N commits, staged changes, or branch comparison

2. Run the Analysis

# Single file or directory
bash "$SKILL_DIR/scripts/vibe-check.sh" TARGET

# With fix suggestions
bash "$SKILL_DIR/scripts/vibe-check.sh" --fix TARGET

# Git diff (last 3 commits)
bash "$SKILL_DIR/scripts/vibe-check.sh" --diff HEAD~3

# Staged changes with fixes
bash "$SKILL_DIR/scripts/vibe-check.sh" --staged --fix

# Save to file
bash "$SKILL_DIR/scripts/vibe-check.sh" --fix --output report.md TARGET

3. Present the Report

The output is a Markdown report. Present it directly — it's designed to be screenshot-worthy.

Discord v2 Delivery Mode (OpenClaw v2026.2.14+)

When the conversation is happening in a Discord channel:

  • Send a compact summary first (grade, score, file count, top 3 findings), then ask if the user wants the full report.
  • Keep the first message under ~1200 characters and avoid wide Markdown tables in the first response.
  • If Discord components are available, include quick actions:
    • Show Top Findings
    • Show Fix Suggestions
    • Run Diff Mode
  • If components are not available, provide the same follow-ups as a numbered list.
  • Prefer short follow-up chunks (<=15 lines per message) when sending the full report.

Quick Reference

CommandDescription
vibe-check FILEAnalyze a single file
vibe-check DIRScan directory recursively
vibe-check --diffCheck last commit's changes
vibe-check --diff HEAD~5Check last 5 commits
vibe-check --stagedCheck staged changes
vibe-check --fix DIRInclude fix suggestions
vibe-check --output report.md DIRSave report to file

Sin Categories (what it checks)

CategoryWeightWhat It Catches
Error Handling20%Missing try/catch, bare exceptions, no edge cases
Input Validation15%No type checks, no bounds checks, trusting all input
Duplication15%Copy-pasted logic, DRY violations
Dead Code10%Unused imports, commented-out blocks, unreachable code
Magic Values10%Hardcoded strings/numbers/URLs without constants
Test Coverage10%No test files, no test patterns, no assertions
Naming Quality10%Vague names (data, result, temp, x), misleading names
Security10%eval(), exec(), hardcoded secrets, SQL injection

Scoring

  • A (90-100): Pristine code, minimal issues
  • B (80-89): Clean code with minor issues
  • C (70-79): Decent but lazy patterns crept in
  • D (60-69): Needs human attention
  • F (<60): Heavy vibe coding detected

Notes for the Agent

  • The report is the star. Present it in full — it's designed to look great.
  • After presenting, offer to run --fix mode if they didn't already.
  • Suggest the README badge: ![Vibe Score](https://img.shields.io/badge/vibe--score-XX%2F100-COLOR)
  • For large codebases, suggest focusing on specific directories or using --diff mode.
  • If no LLM API key is set, the tool falls back to heuristic analysis (less accurate but still useful).
  • Supported languages (v1): Python, TypeScript, JavaScript only.

References

  • scripts/vibe-check.sh — Main entry point
  • scripts/analyze.sh — LLM code analysis engine (with heuristic fallback)
  • scripts/git-diff.sh — Git diff file extractor
  • scripts/report.sh — Markdown report generator
  • scripts/common.sh — Shared utilities and constants

Examples

Example 1: Audit a Directory

User: "Vibe check my src directory"

Agent runs:

bash "$SKILL_DIR/scripts/vibe-check.sh" src/

Output: Full scorecard with per-file breakdown, category scores, and top findings.

Example 2: Check with Fixes

User: "Review this code for vibe coding and suggest fixes"

Agent runs:

bash "$SKILL_DIR/scripts/vibe-check.sh" --fix src/

Output: Scorecard + unified diff patches for each finding.

Example 3: Git Diff Mode

User: "Check the code quality of my last 3 commits"

Agent runs:

bash "$SKILL_DIR/scripts/vibe-check.sh" --diff HEAD~3

Output: Scorecard focused only on recently changed files.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

OpenClaw Security Suite

Comprehensive security suite for OpenClaw skills. Includes static scanning (AST + keywords) and AI-powered semantic behavior review to detect malicious code.

Registry SourceRecently Updated
099
Profile unavailable
Security

Code Review Engine

Enterprise-grade code review agent. Reviews PRs, diffs, or code files for security vulnerabilities, performance issues, error handling gaps, architecture smells, and test coverage. Works with any language, any repo, no dependencies required.

Registry SourceRecently Updated
0530
Profile unavailable
Security

AetherCore v3.3

AetherCore v3.3.4 - Security-focused final release. High-performance JSON optimization with universal smart indexing for all file types. All security review...

Registry SourceRecently Updated
1144
Profile unavailable