Shell scripting best practices for writing safe, portable, and maintainable bash/sh scripts (formerly shell-scripts). Use when writing, reviewing, or refactoring shell scripts. Triggers on shell scripts, bash, sh, POSIX, ShellCheck, error handling, quoting, variables.
Shell Scripts Best Practices
Comprehensive best practices guide for shell scripting, designed for AI agents and LLMs. Contains 48 rules across 9 categories, prioritized by impact from critical (safety, portability) to incremental (style). Each rule includes detailed explanations, real-world examples comparing incorrect vs. correct implementations, and specific impact metrics.
When to Apply
Reference these guidelines when:
- Writing new bash or POSIX shell scripts
- Reviewing shell scripts for security vulnerabilities
- Debugging scripts that fail silently or behave unexpectedly
- Porting scripts between Linux, macOS, and containers
- Optimizing shell script performance
- Setting up CI/CD pipelines with shell scripts
Rule Categories by Priority
| Priority | Category | Impact | Prefix | Rules |
|---|---|---|---|---|
| 1 | Safety & Security | CRITICAL | safety- |
6 |
| 2 | Portability | CRITICAL | port- |
5 |
| 3 | Error Handling | HIGH | err- |
6 |
| 4 | Variables & Data | HIGH | var- |
5 |
| 5 | Quoting & Expansion | MEDIUM-HIGH | quote- |
6 |
| 6 | Functions & Structure | MEDIUM | func- |
5 |
| 7 | Testing & Conditionals | MEDIUM | test- |
5 |
| 8 | Performance | LOW-MEDIUM | perf- |
6 |
| 9 | Style & Formatting | LOW | style- |
4 |
Quick Reference
1. Safety & Security (CRITICAL)
safety-command-injection- Prevent command injection from user inputsafety-eval-avoidance- Avoid eval for dynamic commandssafety-absolute-paths- Use absolute paths for external commandssafety-temp-files- Create secure temporary filessafety-suid-forbidden- Never use SUID/SGID on shell scriptssafety-argument-injection- Prevent argument injection with double dash
2. Portability (CRITICAL)
port-shebang-selection- Choose shebang based on portability needsport-avoid-bashisms- Avoid bashisms in POSIX scriptsport-printf-over-echo- Use printf instead of echo for portabilityport-export-syntax- Use portable export syntaxport-test-portability- Use portable test constructs
3. Error Handling (HIGH)
err-strict-mode- Use strict mode for error detectionerr-exit-codes- Use meaningful exit codeserr-trap-cleanup- Use trap for cleanup on exiterr-stderr-messages- Send error messages to stderrerr-pipefail- Use pipefail to catch pipeline errorserr-check-commands- Check command success explicitly
4. Variables & Data (HIGH)
var-use-arrays- Use arrays for lists instead of stringsvar-local-scope- Use local for function variablesvar-naming-conventions- Follow variable naming conventionsvar-readonly-constants- Use readonly for constantsvar-default-values- Use parameter expansion for defaults
5. Quoting & Expansion (MEDIUM-HIGH)
quote-always-quote-variables- Always quote variable expansionsquote-dollar-at- Use "$@" for argument passingquote-command-substitution- Quote command substitutionsquote-brace-expansion- Use braces for variable clarityquote-here-documents- Use here documents for multi-line stringsquote-glob-safety- Control glob expansion explicitly
6. Functions & Structure (MEDIUM)
func-main-pattern- Use main() function patternfunc-single-purpose- Write single-purpose functionsfunc-return-values- Use return values correctlyfunc-documentation- Document functions with header commentsfunc-avoid-aliases- Prefer functions over aliases
7. Testing & Conditionals (MEDIUM)
test-double-brackets- Use [[ ]] for tests in bashtest-arithmetic- Use (( )) for arithmetic comparisonstest-explicit-empty- Use explicit empty/non-empty string teststest-file-operators- Use correct file test operatorstest-case-patterns- Use case for pattern matching
8. Performance (LOW-MEDIUM)
perf-builtins-over-external- Use builtins over external commandsperf-avoid-subshells- Avoid unnecessary subshellsperf-process-substitution- Use process substitution for temp filesperf-read-files- Read files efficientlyperf-parameter-expansion- Use parameter expansion for string operationsperf-batch-operations- Batch operations instead of loops
9. Style & Formatting (LOW)
style-indentation- Use consistent indentationstyle-file-structure- Follow consistent file structurestyle-comments- Write useful commentsstyle-shellcheck- Use ShellCheck for static analysis
How to Use
Read individual reference files for detailed explanations and code examples:
- Section definitions - Category structure and impact levels
- Rule template - Template for adding new rules
Reference Files
| File | Description |
|---|---|
| AGENTS.md | Complete compiled guide with all rules |
| references/_sections.md | Category definitions and ordering |
| assets/templates/_template.md | Template for new rules |
| metadata.json | Version and reference information |
Key Sources
You Might Also Like
Related Skills
coding-agent
Run Codex CLI, Claude Code, OpenCode, or Pi Coding Agent via background process for programmatic control.
openclaw
add-uint-support
Add unsigned integer (uint) type support to PyTorch operators by updating AT_DISPATCH macros. Use when adding support for uint16, uint32, uint64 types to operators, kernels, or when user mentions enabling unsigned types, barebones unsigned types, or uint support.
pytorchat-dispatch-v2
Convert PyTorch AT_DISPATCH macros to AT_DISPATCH_V2 format in ATen C++ code. Use when porting AT_DISPATCH_ALL_TYPES_AND*, AT_DISPATCH_FLOATING_TYPES*, or other dispatch macros to the new v2 API. For ATen kernel files, CUDA kernels, and native operator implementations.
pytorchskill-writer
Guide users through creating Agent Skills for Claude Code. Use when the user wants to create, write, author, or design a new Skill, or needs help with SKILL.md files, frontmatter, or skill structure.
pytorch
implementing-jsc-classes-cpp
Implements JavaScript classes in C++ using JavaScriptCore. Use when creating new JS classes with C++ bindings, prototypes, or constructors.
oven-shimplementing-jsc-classes-zig
Creates JavaScript classes using Bun's Zig bindings generator (.classes.ts). Use when implementing new JS APIs in Zig with JSC integration.
oven-sh