dotfiles

Provides expert guidance for managing dotfiles using GNU Stow, enhancing shell and editor configurations for developers.

Install this skill

or

0/100

Security score

The dotfiles skill was audited on Apr 14, 2026 and we found 35 security issues across 3 threat categories, including 2 critical. Review the findings below before installing.

Categories Tested

Security Issues

critical line 213

Access to SSH directory

SourceSKILL.md

211	These should NEVER be in the repository:
212	- Passwords and API keys
213	- SSH keys (~/.ssh/)
214	- GPG keys (~/.gnupg/)
215	- Session tokens

high line 246

Access to SSH directory

SourceSKILL.md

244	Sensitive files should have restricted permissions:
245	```bash
246	chmod 400 ~/.ssh/id_*
247	chmod 600 ~/.env
248	```

critical line 214

Access to GPG keys directory

SourceSKILL.md

212	- Passwords and API keys
213	- SSH keys (~/.ssh/)
214	- GPG keys (~/.gnupg/)
215	- Session tokens
216

medium line 3

Access to home directory dotfiles

SourceSKILL.md

1	---
2	name: dotfiles
3	description: Expert in managing dotfiles using GNU Stow. Use when working with stow (symlinks, conflicts, .stow-local-ignore, .stowrc, restow), shell configs (zsh, oh-my-zsh, bash, .zshrc, aliases, plugins), editors (neovim, nvim, vscode), terminal tools (tmux, ghostty), prompts (starship), CLI replacements (eza, bat, fzf, zoxide, lazygit, atuin, direnv, television, glow), keyboard (karabiner), secrets (bitwarden-cli), nushell integration, XDG Base Directory compliance, Catppuccin theming, or any configuration in ~/.config. Also covers setup scripts (setup.sh, setup_archlinux.sh, Brewfile), lazy loading patterns, and this specific dotfiles repository structure.
4	user-invocable: true
5	argument-hint: [self-update]

medium line 36

Access to home directory dotfiles

SourceSKILL.md

34	- `--dotfiles` - `dot-` prefix converts to `.`
35
36	Example: `dot-zshrc` becomes `~/.zshrc`
37	</critical>
38

low line 53

Access to home directory dotfiles

SourceSKILL.md

51	│ └── Brewfile # Package manifest
52	├── dotfiles/ # Stow source directory
53	│ ├── dot-zshrc # -> ~/.zshrc
54	│ ├── dot-zprofile # -> ~/.zprofile
55	│ ├── dot-config/ # -> ~/.config/

low line 54

Access to home directory dotfiles

SourceSKILL.md

52	├── dotfiles/ # Stow source directory
53	│ ├── dot-zshrc # -> ~/.zshrc
54	│ ├── dot-zprofile # -> ~/.zprofile
55	│ ├── dot-config/ # -> ~/.config/
56	│ │ ├── nvim/ # Neovim (lazy.nvim)

low line 55

Access to home directory dotfiles

SourceSKILL.md

53	│ ├── dot-zshrc # -> ~/.zshrc
54	│ ├── dot-zprofile # -> ~/.zprofile
55	│ ├── dot-config/ # -> ~/.config/
56	│ │ ├── nvim/ # Neovim (lazy.nvim)
57	│ │ ├── tmux/ # Tmux + TPM

low line 69

Access to home directory dotfiles

SourceSKILL.md

67	│ │ ├── karabiner/ # Keyboard mods
68	│ │ └── nushell/ # Nushell config
69	│ ├── dot-claude/ # -> ~/.claude/
70	│ │ ├── settings.json # Claude Code settings
71	│ │ ├── statusline.sh # Token usage tracker

low line 89

Access to home directory dotfiles

SourceSKILL.md

87
88	# Reload configurations
89	source ~/.zshrc # Shell changes
90	tmux source-file ~/.config/tmux/tmux.conf # Tmux changes
91

low line 90

Access to home directory dotfiles

SourceSKILL.md

88	# Reload configurations
89	source ~/.zshrc # Shell changes
90	tmux source-file ~/.config/tmux/tmux.conf # Tmux changes
91
92	# Neovim

medium line 194

Access to home directory dotfiles

SourceSKILL.md

192	\| Tool \| Old Path \| New Path \|
193	\|------\|----------\|----------\|
194	\| zsh history \| `~/.zsh_history` \| `$XDG_STATE_HOME/zsh/history` \|
195	\| Oh-My-Zsh \| `~/.oh-my-zsh` \| `$XDG_DATA_HOME/oh-my-zsh` \|
196	\| NVM \| `~/.nvm` \| `$XDG_DATA_HOME/nvm` \|

medium line 195

Access to home directory dotfiles

SourceSKILL.md

193	\|------\|----------\|----------\|
194	\| zsh history \| `~/.zsh_history` \| `$XDG_STATE_HOME/zsh/history` \|
195	\| Oh-My-Zsh \| `~/.oh-my-zsh` \| `$XDG_DATA_HOME/oh-my-zsh` \|
196	\| NVM \| `~/.nvm` \| `$XDG_DATA_HOME/nvm` \|
197	\| zsh-evalcache \| `~/.zsh-evalcache` \| `$XDG_CACHE_HOME/zsh-evalcache` \|

medium line 196

Access to home directory dotfiles

SourceSKILL.md

194	\| zsh history \| `~/.zsh_history` \| `$XDG_STATE_HOME/zsh/history` \|
195	\| Oh-My-Zsh \| `~/.oh-my-zsh` \| `$XDG_DATA_HOME/oh-my-zsh` \|
196	\| NVM \| `~/.nvm` \| `$XDG_DATA_HOME/nvm` \|
197	\| zsh-evalcache \| `~/.zsh-evalcache` \| `$XDG_CACHE_HOME/zsh-evalcache` \|
198

medium line 197

Access to home directory dotfiles

SourceSKILL.md

195	\| Oh-My-Zsh \| `~/.oh-my-zsh` \| `$XDG_DATA_HOME/oh-my-zsh` \|
196	\| NVM \| `~/.nvm` \| `$XDG_DATA_HOME/nvm` \|
197	\| zsh-evalcache \| `~/.zsh-evalcache` \| `$XDG_CACHE_HOME/zsh-evalcache` \|
198
199	### Verification

medium line 213

Access to home directory dotfiles

SourceSKILL.md

211	These should NEVER be in the repository:
212	- Passwords and API keys
213	- SSH keys (~/.ssh/)
214	- GPG keys (~/.gnupg/)
215	- Session tokens

medium line 214

Access to home directory dotfiles

SourceSKILL.md

212	- Passwords and API keys
213	- SSH keys (~/.ssh/)
214	- GPG keys (~/.gnupg/)
215	- Session tokens
216

low line 221

Access to home directory dotfiles

SourceSKILL.md

219	Load secrets from secure sources:
220	```zsh
221	# In dot-zshrc - loads ~/.env if it exists
222	if [[ -f ~/.env ]]; then
223	while IFS= read -r line \|\| [[ -n "$line" ]]; do

low line 222

Access to home directory dotfiles

SourceSKILL.md

220	```zsh
221	# In dot-zshrc - loads ~/.env if it exists
222	if [[ -f ~/.env ]]; then
223	while IFS= read -r line \|\| [[ -n "$line" ]]; do
224	if [[ -n "$line" && ! "$line" =~ ^[[:space:]]*# ]]; then

low line 227

Access to home directory dotfiles

SourceSKILL.md

225	export "$line"
226	fi
227	done < ~/.env
228	fi
229	```

low line 246

Access to home directory dotfiles

SourceSKILL.md

244	Sensitive files should have restricted permissions:
245	```bash
246	chmod 400 ~/.ssh/id_*
247	chmod 600 ~/.env
248	```

low line 247

Access to home directory dotfiles

SourceSKILL.md

245	```bash
246	chmod 400 ~/.ssh/id_*
247	chmod 600 ~/.env
248	```
249	</security>

low line 266

Access to home directory dotfiles

SourceSKILL.md

264	3. Reload the relevant configuration
265	```bash
266	source ~/.zshrc # For shell changes
267	tmux source ~/.config/tmux/tmux.conf # For tmux
268	# Neovim auto-reloads on file save

low line 267

Access to home directory dotfiles

SourceSKILL.md

265	```bash
266	source ~/.zshrc # For shell changes
267	tmux source ~/.config/tmux/tmux.conf # For tmux
268	# Neovim auto-reloads on file save
269	```

low line 285

Access to home directory dotfiles

SourceSKILL.md

283	1. Create the file with `dot-` prefix:
284	```bash
285	# For ~/.newconfig
286	touch dotfiles/dot-newconfig
287

low line 288

Access to home directory dotfiles

SourceSKILL.md

286	touch dotfiles/dot-newconfig
287
288	# For ~/.config/app/config
289	mkdir -p dotfiles/dot-config/app
290	touch dotfiles/dot-config/app/config

medium line 329

Access to home directory dotfiles

SourceSKILL.md

327	\|------\|-------\|-------\|
328	\| Homebrew \| `/opt/homebrew/` \| `/home/linuxbrew/` \|
329	\| VSCode settings \| `~/Library/Application Support/Code/` \| `~/.config/Code/` \|
330	\| Ghostty config \| Both use `~/.config/ghostty/` \| Same \|
331	</platform>

medium line 330

Access to home directory dotfiles

SourceSKILL.md

328	\| Homebrew \| `/opt/homebrew/` \| `/home/linuxbrew/` \|
329	\| VSCode settings \| `~/Library/Application Support/Code/` \| `~/.config/Code/` \|
330	\| Ghostty config \| Both use `~/.config/ghostty/` \| Same \|
331	</platform>
332

high line 236

Instruction to extract credentials

SourceSKILL.md

234	```bash
235	bw-unlock # Unlock vault, export BW_SESSION
236	bwp "GitHub Token" # Get password by name
237	bwc "API Key" # Copy to clipboard
238	```

high line 3

Shell profile modification

SourceSKILL.md

1	---
2	name: dotfiles
3	description: Expert in managing dotfiles using GNU Stow. Use when working with stow (symlinks, conflicts, .stow-local-ignore, .stowrc, restow), shell configs (zsh, oh-my-zsh, bash, .zshrc, aliases, plugins), editors (neovim, nvim, vscode), terminal tools (tmux, ghostty), prompts (starship), CLI replacements (eza, bat, fzf, zoxide, lazygit, atuin, direnv, television, glow), keyboard (karabiner), secrets (bitwarden-cli), nushell integration, XDG Base Directory compliance, Catppuccin theming, or any configuration in ~/.config. Also covers setup scripts (setup.sh, setup_archlinux.sh, Brewfile), lazy loading patterns, and this specific dotfiles repository structure.
4	user-invocable: true
5	argument-hint: [self-update]

high line 16

Shell profile modification

SourceSKILL.md

14	\| Topic \| File \| Use When \|
15	\|-------\|------\|----------\|
16	\| Zsh/Shell \| [ZSH.md](ZSH.md) \| Editing .zshrc, aliases, plugins, Oh-My-Zsh \|
17	\| Neovim \| [NEOVIM.md](NEOVIM.md) \| Editing nvim config, adding plugins, LSP \|
18	\| Starship \| [STARSHIP.md](STARSHIP.md) \| Customizing prompt, modules, palettes \|

high line 36

Shell profile modification

SourceSKILL.md

34	- `--dotfiles` - `dot-` prefix converts to `.`
35
36	Example: `dot-zshrc` becomes `~/.zshrc`
37	</critical>
38

medium line 53

Shell profile modification

SourceSKILL.md

51	│ └── Brewfile # Package manifest
52	├── dotfiles/ # Stow source directory
53	│ ├── dot-zshrc # -> ~/.zshrc
54	│ ├── dot-zprofile # -> ~/.zprofile
55	│ ├── dot-config/ # -> ~/.config/

medium line 89

Shell profile modification

SourceSKILL.md

87
88	# Reload configurations
89	source ~/.zshrc # Shell changes
90	tmux source-file ~/.config/tmux/tmux.conf # Tmux changes
91

medium line 266

Shell profile modification

SourceSKILL.md

264	3. Reload the relevant configuration
265	```bash
266	source ~/.zshrc # For shell changes
267	tmux source ~/.config/tmux/tmux.conf # For tmux
268	# Neovim auto-reloads on file save

Scanned on Apr 14, 2026

View Security Dashboard

Installation guide →

GitHub Stars 1

Rate this skill

Categorydevelopment

UpdatedMay 1, 2026

openclaw backend devops devops-sre backend-developer frontend-developer development

Raphael67/dotfiles