Skip to main content

hatch

Hatch provisions cloud VMs for development, enabling project creation, feature branching, and deployment with GitHub, Vercel, and Convex integration.

Install this skill

or
10/100

Security score

The hatch skill was audited on Feb 27, 2026 and we found 50 security issues across 1 threat category. Review the findings below before installing.

Categories Tested

Security Issues

medium line 12

Access to hidden dotfiles in home directory

SourceSKILL.md
12Hatch is installed at `~/.hatch-cli`. All commands must be run from that directory using `pnpm dev`.
low line 18

Access to hidden dotfiles in home directory

SourceSKILL.md
18cd ~/.hatch-cli && pnpm dev list --json
low line 24

Access to hidden dotfiles in home directory

SourceSKILL.md
24cd ~/.hatch-cli && pnpm dev status --json
low line 37

Access to hidden dotfiles in home directory

SourceSKILL.md
37cd ~/.hatch-cli && pnpm dev new <project-name> --dry-run
low line 38

Access to hidden dotfiles in home directory

SourceSKILL.md
38cd ~/.hatch-cli && pnpm dev new <project-name> --confirm <token>
low line 50

Access to hidden dotfiles in home directory

SourceSKILL.md
50cd ~/.hatch-cli && pnpm dev feature <name> --project <project> --dry-run
low line 51

Access to hidden dotfiles in home directory

SourceSKILL.md
51cd ~/.hatch-cli && pnpm dev feature <name> --project <project> --confirm <token>
low line 63

Access to hidden dotfiles in home directory

SourceSKILL.md
63cd ~/.hatch-cli && pnpm dev spike <name> --project <project> --prompt "<instructions>" --dry-run
low line 64

Access to hidden dotfiles in home directory

SourceSKILL.md
64cd ~/.hatch-cli && pnpm dev spike <name> --project <project> --prompt "<instructions>" --confirm <token>
low line 78

Access to hidden dotfiles in home directory

SourceSKILL.md
78cd ~/.hatch-cli && pnpm dev progress <feature> --project <project>
low line 89

Access to hidden dotfiles in home directory

SourceSKILL.md
89cd ~/.hatch-cli && pnpm dev clean <name> --project <project> --dry-run
low line 90

Access to hidden dotfiles in home directory

SourceSKILL.md
90cd ~/.hatch-cli && pnpm dev clean <name> --project <project> --confirm <token>
low line 101

Access to hidden dotfiles in home directory

SourceSKILL.md
101cd ~/.hatch-cli && pnpm dev add <project-name>
low line 107

Access to hidden dotfiles in home directory

SourceSKILL.md
107cd ~/.hatch-cli && pnpm dev clone --project <name> [--path <dir>] [--pull] [--json]
low line 113

Access to hidden dotfiles in home directory

SourceSKILL.md
113cd ~/.hatch-cli && pnpm dev connect
low line 119

Access to hidden dotfiles in home directory

SourceSKILL.md
119cd ~/.hatch-cli && pnpm dev config
medium line 126

Access to hidden dotfiles in home directory

SourceSKILL.md
126- `--project <name>` - Create per-project config at `~/.hatch/configs/<name>.json`
medium line 130

Access to hidden dotfiles in home directory

SourceSKILL.md
130Per-project configs live at `~/.hatch/configs/<project-name>.json`. Commands with `--project` auto-resolve the right config.
low line 134

Access to hidden dotfiles in home directory

SourceSKILL.md
134cd ~/.hatch-cli && pnpm dev config --project my-app
low line 137

Access to hidden dotfiles in home directory

SourceSKILL.md
137cd ~/.hatch-cli && pnpm dev config list --json
low line 140

Access to hidden dotfiles in home directory

SourceSKILL.md
140cd ~/.hatch-cli && pnpm dev config check --project my-app --json
low line 143

Access to hidden dotfiles in home directory

SourceSKILL.md
143cd ~/.hatch-cli && pnpm dev config-push <ssh-host> --project my-app
medium line 146

Access to hidden dotfiles in home directory

SourceSKILL.md
146When `--project` is provided on feature/spike/clean commands, the matching config is used automatically. Falls back to `~/.hatch.json` if no project-specific config exists.
low line 150

Access to hidden dotfiles in home directory

SourceSKILL.md
150cd ~/.hatch-cli && pnpm dev update
low line 208

Access to hidden dotfiles in home directory

SourceSKILL.md
208cd ~/.hatch-cli && pnpm dev list --json
low line 216

Access to hidden dotfiles in home directory

SourceSKILL.md
216cd ~/.hatch-cli && pnpm dev spike <feature> --project <project> --continue <vm-name> --prompt "additional changes"
medium line 280

Access to hidden dotfiles in home directory

SourceSKILL.md
280Generated projects include structured logging. In development, the server logger writes JSON log entries to `~/.harness/logs/app.jsonl` on the VM.
medium line 327

Access to hidden dotfiles in home directory

SourceSKILL.md
327- Which project and config will be used (`~/.hatch/configs/<name>.json` or `~/.hatch.json`)
medium line 336

Access to hidden dotfiles in home directory

SourceSKILL.md
336- **Cross-check project names**: The `--project` value must match both the project name in `hatch list` and the config filename in `~/.hatch/configs/`. Mismatches mean wrong credentials.
low line 346

Access to hidden dotfiles in home directory

SourceSKILL.md
346cd ~/.hatch-cli && pnpm dev config list --json
low line 348

Access to hidden dotfiles in home directory

SourceSKILL.md
348# 2. Show the human: "I'll create project 'my-app' using config ~/.hatch/configs/my-app.json
low line 352

Access to hidden dotfiles in home directory

SourceSKILL.md
352cd ~/.hatch-cli && pnpm dev new my-app --dry-run
low line 355

Access to hidden dotfiles in home directory

SourceSKILL.md
355cd ~/.hatch-cli && pnpm dev new my-app --confirm <token>
low line 362

Access to hidden dotfiles in home directory

SourceSKILL.md
362cd ~/.hatch-cli && pnpm dev list --json
low line 363

Access to hidden dotfiles in home directory

SourceSKILL.md
363cd ~/.hatch-cli && pnpm dev config check --project my-app --json
low line 366

Access to hidden dotfiles in home directory

SourceSKILL.md
366# using config ~/.hatch/configs/my-app.json (GitHub: org/my-app, Convex: my-app).
low line 370

Access to hidden dotfiles in home directory

SourceSKILL.md
370cd ~/.hatch-cli && pnpm dev feature my-feature --project my-app --dry-run
low line 373

Access to hidden dotfiles in home directory

SourceSKILL.md
373cd ~/.hatch-cli && pnpm dev feature my-feature --project my-app --confirm <token>
low line 380

Access to hidden dotfiles in home directory

SourceSKILL.md
380cd ~/.hatch-cli && pnpm dev list --json
low line 381

Access to hidden dotfiles in home directory

SourceSKILL.md
381cd ~/.hatch-cli && pnpm dev config check --project my-app --json
low line 384

Access to hidden dotfiles in home directory

SourceSKILL.md
384# using config ~/.hatch/configs/my-app.json.
low line 389

Access to hidden dotfiles in home directory

SourceSKILL.md
389cd ~/.hatch-cli && pnpm dev spike my-feature --project my-app --prompt "Add contact form" --dry-run
low line 409

Access to hidden dotfiles in home directory

SourceSKILL.md
409cd ~/.hatch-cli && pnpm dev spike my-feature --project my-app --prompt "<final approved prompt>" --confirm <token>
low line 412

Access to hidden dotfiles in home directory

SourceSKILL.md
412cd ~/.hatch-cli && pnpm dev status --project my-app --json
low line 421

Access to hidden dotfiles in home directory

SourceSKILL.md
421cd ~/.hatch-cli && pnpm dev clean my-feature --project my-app --dry-run
low line 422

Access to hidden dotfiles in home directory

SourceSKILL.md
422cd ~/.hatch-cli && pnpm dev clean my-feature --project my-app --confirm <token>
low line 428

Access to hidden dotfiles in home directory

SourceSKILL.md
428cd ~/.hatch-cli && pnpm dev spike my-feature --project my-app --prompt "Add contact form" --wait --json
medium line 434

Access to hidden dotfiles in home directory

SourceSKILL.md
434Spikes use the `anthropicApiKey` from the project config (`~/.hatch/configs/<name>.json`). The key is injected inline via the SSH command — it is not written to the VM environment, so interactive `cla
medium line 442

Access to hidden dotfiles in home directory

SourceSKILL.md
4424. Or clean up with `cd ~/.hatch-cli && pnpm dev clean` and try again
medium line 447

Access to hidden dotfiles in home directory

SourceSKILL.md
447- For auth failures: update `anthropicApiKey` in the project config (`~/.hatch/configs/<name>.json`) and retry
Scanned on Feb 27, 2026
View Security Dashboard
Installation guide →
GitHub Stars 2
Rate this skill
Categorydevelopment
UpdatedMay 21, 2026
claude-codedevopsbackenddevops-srebackend-developerfullstack-developerproduct-managerproject-managergithubverceldevelopmentproductproject management
diegosouzapw/awesome-omni-skill