From magic-powers
Use when updating packages, auditing vulnerabilities, managing version pinning, or evaluating new dependencies
npx claudepluginhub kienbui1995/magic-powers --plugin magic-powersThis skill uses the workspace's default tool permissions.
Every dependency is a liability — it can break, have vulnerabilities, or become unmaintained. Be deliberate about what you add and keep it updated.
Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.
Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.
Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.
Every dependency is a liability — it can break, have vulnerabilities, or become unmaintained. Be deliberate about what you add and keep it updated.
Do I really need this package?
├── Can I write it in <50 lines? → Write it yourself
├── Is it a core utility (lodash for 1 function)? → Import just that function or skip
├── Check: maintained? >1000 weekly downloads? Recent commits? → No? Skip it
└── Yes to all → Add it, pin the version
| Environment | Strategy | Example |
|---|---|---|
| App (deployed) | Pin exact | "express": "4.18.2" |
| Library (published) | Range | "express": "^4.18.0" |
| Lock file | Always commit | package-lock.json, poetry.lock |
# Node.js
npm audit
npm audit fix
# Python
pip-audit
safety check
# General
snyk test
Schedule: Run npm audit / pip-audit weekly in CI. Block merges on critical/high vulnerabilities.
depcheck, pip-extra-reqs)