feat: Migrate quick_check_skill.sh to JavaScript (validateSkillStructure)

[ashleyshaw]

Summary

Migrated quick_check_skill.sh to a reusable JavaScript module validateSkillStructure.js with comprehensive Jest test coverage. This is part of the broader initiative to eliminate all shell scripts.

Changes

• New Module: scripts/skill-utils/validateSkillStructure.js

  • Validates skill directory structure
  • Checks SKILL.md with YAML frontmatter
  • Verifies agents/openai.yaml presence
  • Validates name format (lowercase hyphen-case starting with letter)
  • Detects package noise (pycache, node_modules, .DS_Store, etc.)
  • Optional placeholder text detection (TODO, placeholder, Replace with)
  • CommonJS exports for Jest compatibility

• Test Suite: scripts/skill-utils/__tests__/validateSkillStructure.test.js

  • 18 comprehensive tests covering all validation scenarios
  • Tests for: directory structure, frontmatter, name format, folder matching, noise detection, placeholder detection
  • Full edge case coverage

Features Migrated

• ✅ SKILL.md presence and frontmatter validation
• ✅ agents/openai.yaml presence check
• ✅ Name format validation (must be lowercase hyphen-case, starting with letter)
• ✅ Name-to-folder matching
• ✅ Package noise detection (multiple patterns)
• ✅ Optional placeholder text detection
• ✅ Comprehensive error messages
• ✅ Return structured validation result

Test Results

PASS scripts/skill-utils/__tests__/validateSkillStructure.test.js
  validateSkillStructure (18 tests)
  - should throw error if skill directory does not exist
  - should throw error if SKILL.md not found
  - should throw error if agents/openai.yaml not found
  - should throw error if SKILL.md does not start with frontmatter
  - should throw error if name is not lowercase hyphen-case
  - should throw error if description is missing
  - should throw error if name does not match folder name
  - should throw error if __pycache__ directory exists
  - should throw error if node_modules directory exists
  - should throw error if .DS_Store file exists
  - should return valid object for valid skill structure
  - should detect placeholder text when checkPlaceholders is true
  - should not detect placeholder text when checkPlaceholders is false
  - should detect placeholder text containing 'Replace with'
  - should detect placeholder text containing 'placeholder'
  - should allow hyphens in skill name
  - should reject name starting with a number
  - should reject name with uppercase letters

  Tests: 18 passed, 18 total

Replaces

This module replaces two identical quick_check_skill.sh scripts:

• skills/design-md-agent/figma-wordpress-skill-creator/scripts/quick_check_skill.sh
• skills/design-md-agent/wordpress-plugin-packaging-review/scripts/quick_check_skill.sh

Related Issues

Closes #613 - Part of #616 (Epic: Migrate All Bash Scripts to JavaScript)

Test Plan

• Jest tests pass (18/18)
• All validation scenarios covered
• Edge cases tested (hyphens, numbers, uppercase)
• Placeholder detection tested with various patterns
• Package noise detection verified
• CommonJS compatibility confirmed

---

Generated by Claude Code

[coderabbitai]

Warning

Review limit reached

@ashleyshaw, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 36 minutes and 5 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: fb85ebb3-eb30-4a38-8482-c6419459fd44

📥 Commits

Reviewing files that changed from the base of the PR and between 6ab0306 and e78a9f5.

📒 Files selected for processing (2)

• scripts/skill-utils/__tests__/validateSkillStructure.test.js
• scripts/skill-utils/validateSkillStructure.js

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/inspiring-edison-dHVS4

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request introduces a new validation utility, validateSkillStructure.js, along with its corresponding test suite, to verify the directory structure, frontmatter, noise files, and placeholder text of a skill. The reviewer identified critical issues regarding security, portability, and performance due to the use of external shell commands (find and grep) via execSync. Additionally, they pointed out potential validation failures on Windows caused by CRLF line endings and provided a robust, pure Node.js alternative to resolve these concerns.

[gemini-code-assist]

Security, Portability, and Robustness Improvements

1. Security & Portability: Spawning external shell commands (find, grep, /bin/bash) via execSync introduces potential command injection vulnerabilities if skillDir contains shell metacharacters. Additionally, it makes the script non-portable, causing it to fail on Windows environments that lack these Unix utilities.
2. Performance: Spawning multiple shell processes is slow and resource-intensive compared to native Node.js file system operations.
3. CRLF Line Endings: Reading SKILL.md directly can cause validation failures on Windows because of CRLF (\r\n) line endings (e.g., firstLine !== "---" or regex matching with $ anchor).

This suggestion rewrites the module to use pure Node.js APIs for recursive directory traversal, noise checking, and placeholder detection, while also normalizing line endings to prevent Windows-specific failures.

const fs = require("fs");
const path = require("path");

function validateSkillStructure(skillDir, options = {}) {
  const { checkPlaceholders = true } = options;

  if (!fs.existsSync(skillDir)) {
    throw new Error("Skill directory not found");
  }

  const skillMd = path.join(skillDir, "SKILL.md");
  if (!fs.existsSync(skillMd)) {
    throw new Error("SKILL.md not found");
  }

  const agentYaml = path.join(skillDir, "agents/openai.yaml");
  if (!fs.existsSync(agentYaml)) {
    throw new Error("agents/openai.yaml not found");
  }

  // Normalize line endings to avoid CRLF issues on Windows
  const skillContent = fs.readFileSync(skillMd, "utf8").replace(/\r\n/g, "\n");
  const firstLine = skillContent.split("\n")[0];
  if (firstLine !== "---") {
    throw new Error("SKILL.md must start with YAML frontmatter");
  }

  const nameMatch = skillContent.match(/^name: [a-z][a-z0-9-]*$/m);
  if (!nameMatch) {
    throw new Error("frontmatter name must be lowercase hyphen-case");
  }

  if (!skillContent.match(/^description: /m)) {
    throw new Error("frontmatter description missing");
  }

  const nameLineMatch = skillContent.match(/^name: (.+)$/m);
  if (!nameLineMatch) {
    throw new Error("Could not parse name from SKILL.md");
  }

  const name = nameLineMatch[1].trim();
  const folderName = path.basename(skillDir);
  if (name !== folderName) {
    throw new Error("frontmatter name must match folder name");
  }

  const warnings = [];
  const excludePatterns = [
    "quick_check_skill.sh",
    "validateSkillStructure.js",
  ];

  // Recursive directory traversal for noise and placeholder checks
  function traverse(dir) {
    const entries = fs.readdirSync(dir, { withFileTypes: true });
    for (const entry of entries) {
      const fullPath = path.join(dir, entry.name);
      const entryName = entry.name;

      // Check noise patterns
      if (
        entryName === "__MACOSX" ||
        entryName === ".DS_Store" ||
        entryName === "__pycache__" ||
        entryName === "node_modules" ||
        entryName.endsWith(".pyc")
      ) {
        throw new Error("package noise found");
      }

      if (entry.isDirectory()) {
        traverse(fullPath);
      } else if (entry.isFile()) {
        if (excludePatterns.includes(entryName)) {
          continue;
        }
        if (checkPlaceholders) {
          try {
            const content = fs.readFileSync(fullPath, "utf8");
            const lines = content.split(/\r?\n/);
            for (let i = 0; i < lines.length; i++) {
              const line = lines[i];
              if (
                line.includes("TODO") ||
                line.includes("placeholder") ||
                line.includes("Replace with")
              ) {
                warnings.push(fullPath + ":" + line.trim());
              }
            }
          } catch {
            // Ignore binary files or read errors
          }
        }
      }
    }
  }

  traverse(skillDir);

  const formattedWarnings = [];
  if (warnings.length > 0) {
    const lines = warnings.slice(0, 20);
    formattedWarnings.push("possible placeholder text found:\n" + lines.join("\n"));
  }

  return {
    valid: true,
    name,
    folderName,
    warnings: formattedWarnings,
  };
}

module.exports = { validateSkillStructure };

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.