@ki_young_ju

For vibe coders:https://t.co/lYlaCQ18g1 is the law your agent must follow.

If it's naive, the agent trusts everything and leaks everything to hackers.https://t.co/CNh9dLb29Z scans and fixes https://t.co/lYlaCQ18g1 security issues in 30 seconds. It found 15 security issues in… https://t.co/QRE8LCH1k7 pic.twitter.com/SBCc3bWoJP

— Ki Young Ju (@ki_young_ju) 7 février 2026

For vibe coders: claude.md is the law your agent must follow. If it's naive, the agent trusts everything and leaks everything to hackers. AgentLinter.com scans and fixes claude.md security issues in 30 seconds. It found 15 security issues in my agent. Highly recommend if you're running OpenClaw. Simon Kim (@simonkim_nft) AgentLinter is here! Is your agent sharp & secure? I built AgentLinter, a linter for CLAUDE.md and agent config files. Here's why. agentlinter.com Whether you're vibe-coding or agent-coding, your AI's output quality comes down to one thing: how well you wrote your CLAUDE.md. But managing these files properly? Way harder than it looks. 🎯 The Silent Failure Problem Vague instructions like "write good code" let the agent interpret however it wants. Output gets inconsistent, but nothing throws an error. The failure is silent. Anthropic's own docs say write "Use 2-space indentation" not "Format code properly." But as the file grows, spotting these with your eyes alone is nearly impossible. 🔐 The Security Problem People hard-code API keys and tokens directly into CLAUDE.md or TOOLS.md and commit them, way more often than you'd think. AgentLinter stats show 1 in 5 workspaces has exposed credentials. .gitignore doesn't catch secrets buried inside markdown files. 💥 The Consistency Problem Multiple config files = contradictions. SOUL.md says "be a friendly assistant," CLAUDE.md says "concise, direct tone." The agent gets confused. TOOLS.md references files that don't exist. Past 5 files, these conflicts triple. So I thought: CLAUDE.md is code. Code has ESLint. Why doesn't this have a linter? 🔍 What AgentLinter Does It diagnoses your agent config across 8 categories: 1) Structure: file organization 2) Clarity: instruction specificity 3) Completeness: missing definitions 4) Security: exposed secrets 5) Consistency: cross-file contradictions 6) Memory: session handoff 7) Runtime Config: gateway/auth settings 8) Skill Safety: dangerous shell commands & injection patterns Each scored 0–100 with concrete fix suggestions. Write "be helpful" and it tells you to specify response length, tone, and format. Find an API key? Instant CRITICAL alert to rotate. 🔒 Privacy-First & 100% Local Everything runs on your machine. Files never leave. Only the results are shared, and you can turn that off in settings. This matters — these files can contain system prompts, security rules, and personal context. Fully open source, MIT license, 100% free. 🛠️ Multi-Tool Support Works with Claude Code, Cursor, Windsurf, and Clawdbot. Detects CLAUDE.md for project mode, AGENTS.md or clawdbot.json for agent mode and adjusts diagnostics automatically. 🚀 Get Started with one line npx agentlinter Node.js 18+, no config needed. Run it, check your score, fix what needs fixing. Happy vibe-coding & happy agent life! 🤙 Website: agentlinter.com Github: github.com/seojoonkim/agentl… — https://nitter.net/simonkim_nft/status/2020004197693845716#m

→ View original post on X — @ki_young_ju, 2026-02-07 15:46 UTC