Comprehensive guidance for configuring and using ShellCheck to improve shell script quality, catch common pitfalls, and enforce best practices through static code analysis.
Confirm successful installation by checking the skill directory location:
.cursor/skills/shellcheck-configuration
Restart Cursor to activate shellcheck-configuration. Access via /shellcheck-configuration in your agent's command palette.
β
Security Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Comprehensive guidance for configuring and using ShellCheck to improve shell script quality, catch common pitfalls, and enforce best practices through static code analysis.
Do not use this skill when
The task is unrelated to shellcheck configuration and static analysis
You need a different domain or tool outside this scope
Instructions
Clarify goals, constraints, and required inputs.
Apply relevant best practices and validate outcomes.
Provide actionable steps and verification.
If detailed examples are required, open resources/implementation-playbook.md.
Use this skill when
Setting up linting for shell scripts in CI/CD pipelines
Analyzing existing shell scripts for issues
Understanding ShellCheck error codes and warnings
Configuring ShellCheck for specific project requirements
Integrating ShellCheck into development workflows
Suppressing false positives and configuring rule sets
Enforcing consistent code quality standards
Migrating scripts to meet quality gates
ShellCheck Fundamentals
What is ShellCheck?
ShellCheck is a static analysis tool that analyzes shell scripts and detects problematic patterns. It supports:
Bash, sh, dash, ksh, and other POSIX shells
Over 100 different warnings and errors
Configuration for target shell and flags
Integration with editors and CI/CD systems
Installation
# macOS with Homebrewbrew installshellcheck# Ubuntu/Debianapt-getinstallshellcheck# From sourcegit clone https://github.com/koalaman/shellcheck.git
cdshellcheckmake build
makeinstall# Verify installationshellcheck--version
# SC1004: Backslash continuation not followed by newlineecho hello\world # Error - needs line continuation# SC1008: Invalid data for operator `=='if[[$var="value"]];then# Space before ==truefi
SC2000-2099: Shell Issues
# SC2009: Consider using pgrep or pidof instead of grep|grepps aux |grep-vgrep|grep myprocess # Use pgrep instead# SC2012: Use `ls` only for viewing. Use `find` for reliable outputforfilein$(ls-la)# Better: use find or globbing# SC2015: Avoid using && and || instead of if-then-else[[-f"$file"]]&&echo"found"||echo"not found"# Less clear# SC2016: Expressions don't expand in single quotesecho'$VAR'# Literal $VAR, not variable expansion# SC2026: This word is non-standard. Set POSIXLY_CORRECT# when using with scripts for other shells
SC2100-2199: Quoting Issues
# SC2086: Double quote to prevent globbing and word splittingforiin$list;do# Should be: for i in $list or for i in "$list"echo"$i"done# SC2115: Literal tilde in path not expanded. Use $HOME instead~/.bashrc # In strings, use "$HOME/.bashrc"# SC2181: Check exit code directly with `if`, not indirectly in a listsome_command
if[$?-eq0];then# Better: if some_command; then# SC2206: Quote to prevent word splitting or set IFSarray=($items)# Should use: array=( $items )
SC3000-3999: POSIX Compliance Issues
# SC3010: In POSIX sh, use 'case' instead of 'cond && foo'[[$var=="value"]]&& do_something # Not POSIX# SC3043: In POSIX sh, use 'local' is undefinedfunctionmy_func(){localvar=value # Not POSIX in some shells}
Practical Configuration Examples
Minimal Configuration (Strict POSIX)
#!/bin/bash# Configure for maximum portabilityshellcheck\--shell=sh \ --external-sources \ --check-sourced \ script.sh
Development Configuration (Bash with Relaxed Rules)
#!/bin/bash# Configure for Bash developmentshellcheck\--shell=bash \--exclude=SC1091,SC2119 \--enable=all \ script.sh
CI/CD Integration Configuration
#!/bin/bashset-Eeuo pipefail
# Analyze all shell scripts and fail on issuesfind.-type f -name"*.sh"|whileread-r script;doecho"Checking: $script"shellcheck\--shell=bash \--format=gcc \--exclude=SC1091 \"$script"||exit1done
.shellcheckrc for Project
# Shell dialect to analyze against
shell=bash
# Enable optional checks
enable=avoid-nullary-conditions,require-variable-braces,check-unassigned-uppercase
# Disable specific warnings
# SC1091: Not following sourced files (many false positives)
disable=SC1091
# SC2119: Use function_name instead of function_name -- (arguments)
disable=SC2119
# External files to source for context
external-sources=true
Integration Patterns
Pre-commit Hook Configuration
#!/bin/bash# .git/hooks/pre-commit#!/bin/bashset-e# Find all shell scripts changed in this commitgitdiff--cached --name-only |grep'\.sh$'|whileread-r script;doecho"Linting: $script"if!shellcheck"$script";thenecho"ShellCheck failed on $script"exit1fidone
βΊAccess to product documentation and roadmap tools (Jira, Notion, etc.)
βΊUnderstanding of product management frameworks (RICE, Jobs-to-be-Done, etc.)
βΊStakeholder contact information and communication channels
Time Estimate
30-60 minutes to see productivity improvements
Steps
1Install product management skill
2Start with user story generation for known feature
3Progress to competitive analysis: research 2-3 competitors
4Use for roadmap prioritization: apply RICE/ICE scoring
5Draft stakeholder communications and refine based on feedback
6Build template library for recurring PM tasks
7Share effective prompts with product team
Common Pitfalls
β Not validating competitive researchβverify facts before sharing
β Accepting user stories without involving engineering team
β Over-relying on frameworks without qualitative judgment
β Not customizing outputs to company culture and communication style
β Skipping stakeholder validation of generated requirements
Best Practices
β Do
+Validate research and competitive analysis with real data
+Collaborate with engineering when generating technical requirements
+Customize frameworks and templates to your company context
+Use skill for first drafts, refine with stakeholder input
+Document successful prompt patterns for PM tasks
+Combine AI efficiency with human judgment and intuition
β Don't
βDon't publish competitive analysis without fact-checking
βDon't finalize user stories without engineering review
βDon't make prioritization decisions solely on AI scoring
βDon't skip customer validation of generated requirements
βDon't ignore company-specific context and culture
π‘ Pro Tips
β Provide context: company goals, constraints, customer feedback
β Ask for alternatives: 'Show 3 ways to prioritize this roadmap'
β Request stakeholder-specific formatting: 'Executive summary vs. engineering spec'
β Use skill for 70% generation + 30% customization to company needs
When to Use This
β Use when
Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.
β Avoid when
Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.
Learning Path
1Basic: user stories, feature specs, status updates
