Blog

Long-form posts about software, vibe coding, and building in public.

ai claude-code devtools git licensing open-source opinion playwright security supply-chain teams vibe-coding

Mar 26, 2026

I Audited a Claude Code Plugin That Reads All Your Browser Cookies

A security review of millionco/expect — a Claude Code plugin that runs AI-driven browser tests via Playwright. The skill is safe. The CLI decrypts every cookie in your browser.

claude-code security ai devtools playwright

Mar 24, 2026

Everyone's Sharing Claude Code Skills. Nobody's Checking What's Inside.

The skills ecosystem is growing fast. A recent study found malicious payloads in 13% of published skills. Here's what that looks like in practice and what you can do about it.

claude-code security ai supply-chain devtools

Mar 19, 2026

The Blind Spot in Vibe Coding: Your AI Agent Doesn't Check Licenses

Your AI coding agent installs packages to solve problems. It doesn't check if those packages are GPL, unlicensed, or pulled from a sketchy mirror. Here's how to protect your project.

vibe-coding licensing ai open-source devtools

Mar 18, 2026

Claude Code Loves Worktrees. Your Infrastructure Doesn't.

Claude Code's instinct to parallelize with worktrees is powerful — until your project has Docker Compose, env secrets, and 5 services fighting for the same port.

git devtools claude-code opinion

Mar 17, 2026

Scaling Vibe Coding: A Framework for Teams Using Claude Code

Vibe coding works great solo as is. But what happens when your team grows exponentially?

vibe-coding claude-code teams ai