A Claude Skill that audits, packages, and publishes a project to vibevendors.com as a draft listing — without ever shipping your secrets.
It runs a six-step pipeline you can stop at any time:
- Scan the project — detects type, framework, suggests a category and technology tags.
- Audit the project — refuses to publish if it finds hardcoded Stripe live keys, AWS access keys, GitHub tokens, JWTs, private SSH keys, or 20+ other patterns.
- Extract env vars — writes a sensible .env.example from process.env.X / env("X") / os.environ["X"] references in your source.
- Generate docs — fills in only the missing install / run / environment sections of your README.
- Package — clean zip excluding node_modules, vendor, .env, *.pem, dist, .git, and 50+ other patterns. Double-checks the final zip for sensitive files before upload.
- Publish — POSTs a draft listing to your seller account. You publish from the dashboard once you've reviewed it.
Bonus: auto-generates a 1200×675 gradient SVG cover image with your project name (palette chosen deterministically from the name hash) if you don't supply one.
Written in pure bash with no runtime dependencies beyond curl, jq, and zip. Install instructions and full usage are in the README inside the zip.