OpenSkillIndex← back to search
claude-codedevelopment

Marketplace common-pitfalls

Orchestrates pitfall prevention skills for common development issues. Auto-triggered during code review to check for TanStack Query, Drizzle ORM, Express API, React, WebSocket, blockchain RPC, and security pitfalls.

install
source · Clone the upstream repo
git clone https://github.com/aiskillstore/marketplace
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/aiskillstore/marketplace "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/barissozen/common-pitfalls" ~/.claude/skills/aiskillstore-marketplace-common-pitfalls && rm -rf "$T"
manifest: skills/barissozen/common-pitfalls/SKILL.md
tags
#code-review#security#automation#react#express
source content

Common Pitfalls Prevention

Orchestrates specialized pitfall prevention skills learned from production issues. Use during code review to automatically check for common mistakes.

When to Use

  • During code review (auto-triggered by full-review skill)
  • Before committing changes
  • When debugging production issues
  • Reviewing unfamiliar code patterns

Workflow

Step 1: Identify Code Categories

Based on changed files, determine which sub-skills to invoke:

File PatternSub-Skill
**/hooks/**
, 
useQuery
, 
useMutation
pitfalls-tanstack-query
**/db/**
, 
schema.ts
, 
drizzle
pitfalls-drizzle-orm
**/routes/**
, 
router.
, 
app.
pitfalls-express-api
**/components/**
, 
**/pages/**
, 
.tsx
pitfalls-react
websocket
, 
wss
, 
ws.
pitfalls-websocket
contract
, 
rpc
, 
multicall
, 
gas
pitfalls-blockchain
session
, 
key
, 
cache
, 
log
pitfalls-security

Step 2: Invoke Relevant Sub-Skills

For each category found, invoke the corresponding skill for detailed patterns.

Step 3: Generate Combined Report

Aggregate findings from all invoked sub-skills.

Sub-Skills Reference

SkillFocus Area
pitfalls-tanstack-queryQuery keys, invalidation, v5 patterns
pitfalls-drizzle-ormSchema types, migrations, array columns
pitfalls-express-apiRoutes, status codes, storage patterns
pitfalls-reactComponents, forms, a11y, responsive
pitfalls-websocketServer setup, heartbeat, reconnection
pitfalls-blockchainRPC errors, gas, multicall, nonces
pitfalls-securitySession keys, caching, logging, secrets

Quick Reference Checklist

Core

  • TanStack Query keys use full URL paths
  • Mutations invalidate relevant queries
  • Drizzle types exported for all models
  • API routes return correct status codes
  • All RPC calls wrapped in try/catch
  • WebSocket has heartbeat/reconnection
  • React components handle loading/error states
  • No secrets in logs or frontend code

Type Safety

  • No 
    any
    types - use 
    unknown
    and narrow
  • Types inferred from schema ($inferSelect, z.infer)
  • Type guards for runtime validation

Financial

  • BigInt for all token amounts
  • Decimal.js for price calculations
  • Proper rounding (floor/ceil)

Blockchain

  • Gas estimation with buffer
  • EIP-1559 gas pricing
  • Transaction simulation before send
  • Multicall uses 
    allowFailure: true

Security

  • Session keys have expiry and limits
  • AES-256-GCM for stored credentials
  • Audit logging for sensitive operations
  • Rate limiting with exponential backoff