workers-best-practices
The workers-best-practices skill assists developers in writing and reviewing Cloudflare Workers code by enforcing production standards, identifying anti-patterns, and validating configuration files against current documentation.
Is workers-best-practices safe to install?
Review the source first: our audit of workers-best-practices's source files found 4 shell commands, 2 external URLs, file reads and writes (high risk). Every command and URL listed appears verbatim in the skill's source. The skill executes shell commands to fetch external packages and run CLI tools, and it reads local project files including configuration and source code.
How we audit skills: our security review methodology.
Who is this skill for?
Developers building, reviewing, or configuring Cloudflare Workers.
What can you do with it?
- Reviewing Worker code for anti-patterns like floating promises or global state.
- Validating wrangler.jsonc configuration files.
- Ensuring correct usage of Cloudflare Workers APIs and binding types.
- Checking security practices such as crypto usage and secret handling.
How good is this skill?
Quality score: 9/10. The skill provides clear, actionable rules and a structured workflow. It correctly emphasizes retrieval over static knowledge. The tool surface is well-defined.
What does the skill file contain?
Your knowledge of Cloudflare Workers APIs, types, and configuration may be outdated. **Prefer retrieval over pre-training** for any Workers code task — writing or reviewing. ## Retrieval Sources Fetch the **latest** versions before writing or reviewing Workers code. Do not rely on baked-in knowledge for API signatures, config fields, or binding shapes. | Source | How to retrieve | Use for | |--------|----------------|---------| | Workers best practices | Fetch `https://developers.cloudflare.com/workers/best-practices/workers-best-practices/` | Canonical rules, patterns, anti-patterns | | Wo...
Frequently asked questions
Does this skill rely on pre-trained knowledge for API signatures?
No. The skill mandates fetching the latest versions of Workers types and documentation to avoid reliance on outdated pre-trained information.
How should I handle secrets in my Worker configuration?
Use the wrangler secret put command. Never hardcode secrets in configuration files or source code.
What should I do if I encounter a floating promise?
Ensure every Promise is awaited, returned, voided, or passed to ctx.waitUntil().
Related skills
openclaw-secure-linux-cloud
270.1KUsers deploying OpenClaw on remote Linux cloud servers or VMs who require secure, hardened configurations
This skill provides a secure deployment and hardening framework for self-hosting OpenClaw on Linux cloud servers. It prioritizes private control planes, loopback binding, and SSH tunneling over public exposure.
find-skills
225.2KUsers and AI agents seeking to discover, evaluate, and install third-party agent skills from public registries
The find-skills skill searches multiple agent skill registries (skills.sh, clawhub.ai, and GitHub) in parallel to help users discover, vet, and install relevant agent capabilities. It provides a comparative report based on native popularity metrics, performs a heuristic security scan on top candidates, and flags skills already present on the user's system.
caveman-review
219.4KDevelopers and reviewers who prefer terse, actionable feedback on code changes
The caveman-review skill generates concise, one-line code review comments for pull requests. It enforces a strict format of location, problem, and fix to reduce noise in feedback.
requesting-code-review
164.6KDevelopers using subagent-driven development workflows who need to verify code quality and requirements adherence
This skill provides a structured process for dispatching a subagent to perform code reviews on specific git commits. It mandates reviews after task completion, feature implementation, and before merging code.