Open CLI

shellcheck

scriptablesecurity
$ brew install shellcheck
Summary

Shell linting, bash safety, and script review from the terminal.

  • shellcheck fits infra well, especially for shell linting, bash safety, and script review from the terminal.
  • 25,883 homebrew installs (30d).
  • Easy to automate.
  • Good fit for coding-agent workflows and repeatable scripts.
  • Output is mostly text-first, so verify results before scripting around it.
infra-shellcheck-SKILL.md

Shellcheck guide

Shell linting, bash safety, and script review from the terminal. Built by koalaman.

Open CLI packages the install path, verify step, and safe-start workflow so this tool can move from “interesting CLI” to something you can actually use. It also integrates with skills.sh so each CLI comes with the right companion skills, not just a binary and a docs link.

When to apply

  • shell linting, bash safety, and script review from the terminal.
  • You need security scanning in both local dev and CI.
  • You need shell linting.
  • You need bash safety.
  • You need script review.

Quick reference

Installbrew install shellcheck
Verifyshellcheck --version
First real commandshellcheck script.sh

Open CLI × skills.sh

Open CLI integrates shellcheck with the right skills.sh companions so you get the tool and the workflow together.

Security Best Practices

Recommended pairing

Open CLI recommends this skills.sh skill because it fits security workflows. Add safer defaults when a CLI touches secrets, auth, or sensitive systems.

View on skills.sh
$ npx skills add https://github.com/supercent-io/skills-template --skill security-best-practices
Starter prompt

Use shellcheck together with the Security Best Practices skills.sh skill. Start with inspection or dry-run commands, summarize any risk, and ask before actions with side effects.

Also useful from skills.sh
Code Reviewskills.shDebuggingskills.sh

Why this tool

  • shellcheck fits infra well, especially for shell linting, bash safety, and script review from the terminal.
  • 25,883 homebrew installs (30d).
  • Easy to automate.

Watch-outs

  • Output is mostly plain text.

Example workflow

1. shellcheck script.sh

Safe start

Step 1

Install shellcheck.

Step 2

Run `shellcheck --version` first.

Step 3

Start with `shellcheck script.sh`.

Step 4

Install the infra CLI and verify kubeconfig, Docker context, or cloud credentials.

Alternatives worth considering

vault

Secrets, identity, and pki from the terminal.

trivy

Image scanning, vulns, and iac checks from the terminal.

semgrep

Static analysis, security scanning, and code rules from the terminal.