Thanks! The 'macro linter' framing is spot on—treating skill definitions with the same rigor as code is exactly the goal. regarding 'test building': are you envisioning something that auto-generates adversarial inputs (like fuzzing) based on the schema, or more like scaffolding for unit tests to ensure the tool executes correctly? I’d love to dig into that use case.

all the above!

Our team steers models using info theory; think error-correcting codes for LLMs in Shannon sense. Do in-context by interleaving codewords & content, semi-secret post-transformer model, etc.

Simple example. Can get model to gen vertically aligned text tables so all columns & borders align etc. Leverages we can use hypertokens to get model to track what to put in each cell & why + structured table schema & tool call trick

We view our tech as linting cert in certain precise sense. The catch is bridging semantic coherence. That’s most readily done using similarly precise semantic rubric like yours.

Why? The general problem of things that nobody wants to do relative to their role, time, resources, etc.

Test gen, refactor, design, any and all the things getting in way of dev & layperson adoption. What layperson wants to write hey ok so map reduce this with 5 alt models in MoE and get back to me? What dev wants to laboriously sketch 67M SQL attacks as part of their prompt, etc.

Why? The most direct way to solve that why should I have to do this problem & also solve having the model do reliably. This becomes esp. problematic for structured data & interfaces which is our focus.

You’re building exactly the sorts of structured rule sets desperately needed right now. Our stuff makes sure these sorts of skills get executed reliably.

While we also do quite a bit on data & viz semantic tooling, big gap in what you’re doing with semantic code linting of all shapes & sizes. Just reading code and suggesting key fuzz spots or fuzz categories missed by trad fuzzers. Macro semantic linting for forms. Etcccccccccccccc

Wow, I have to admit, the "Shannon sense / error-correcting codes" angle is wild.

I'm just here trying to stop people from accidentally letting agents rm -rf their servers with static rules, but your approach to runtime steering sounds like the real endgame for reliability.

You nailed it on the "bridging semantic coherence" part. It feels like we're attacking the same beast from two ends: I'm writing the specs/contracts, and you're ensuring the execution actually honors them.

Really appreciate the validation. Hearing "desperately needed" from someone working on that level of the stack makes my day.

yeah, one way to frame is have to have structural parity & semantic parity & bridge to & from both like balanced scales.

We started with structure to help others solve semantics. Your approach doing same thing from other direction!

While theoretically possible to do just one or other in nested way it’s much easier to do little bit of both, especially if want anything approaching associative recall & reasoning. Akin to dynamically balancing volume between parts of songs or reprojecting continuously into some frequency envelope etc.

I'm going to steal that "dynamically balancing volume" metaphor.

It perfectly explains why static rules usually aren't enough on their own. We need that runtime "remixing" to get a clear signal.

Thanks for the deep dive. It’s rare to find this kind of nuanced discussion in a Show HN thread!

yep! think dynamic amplifier / equalizer

inflight token tuning of signal boost, SNR, etc.

& for sure / likewise!

Hi HN,

I built SkillRisk because I was terrified of giving my AI agents shell_exec or broad API access without checking them first.

It is a free security analyzer strictly for AI Agent Skills (Tools).

The Problem: We define skills in JSON/YAML for Claude/OpenAI, often copy-pasting code that grants excessive permissions (wildcard file access, dangerous evals, etc.).

The Solution: SkillRisk parses these definitions and runs static analysis rules to catch:

Privilege Escalation: Detects loosely scoped permissions. Injection Risks: Finds arguments vulnerable to command injection. Data Leaks: Checks for hardcoded secrets in skill schemas. You can paste your skill definition and get a report instantly. No login required for the core scanner. I linked directly to the free scanner so you can try it instantly.

Try it here: https://skillrisk.org/free-check

I'd love to hear how you handle security for your AI agents!

Hey HN,

I built this app for a friend who has ADHD.

The backstory: She was struggling to stick to her daily routine, so I asked her, "Why don't you just use the system alarms?"

Her reaction was immediate: "Don't talk to me about system alarms."

She explained that alarms are too startling and stressful. She doesn't want a loud noise screaming at her; she just needs to know how much time is left until her next task (e.g., "15 mins until stand-up") without doing mental math every time she looks at the clock.

What I built:

Since I couldn't find an existing app that did exactly this (simple, non-intrusive, strictly visual), I built DuePal.

It does one thing: It puts a live countdown to your set "points in time" (9:00, 12:00, 17:00) right on the Dynamic Island and Lock Screen.

It creates "passive awareness" of time passing.

No startling sounds, just a visual nudge.

It handles repeating schedules (because setting timers manually every day is a pain).

It's a tiny utility, but it stopped my friend from being late without spiking her cortisol levels. I thought others here might find it useful too.

Happy to answer any questions about the Live Activities implementation!

That passive awareness of time passing would require me to look at the phone frequently, which I prefer to avoid. A gentle chime when the alarm is approaching would be better. I'd rather have something that fixes the overly alarming system alarm, e.g. by letting me select the audio file and starting it quiet and gentle. That would also be useful across apps, including oodles of timers and time boxers. But I don't know if phone OSes allow this kind of customization.

I hear you. It sounds like you have a good internal clock! For people with severe time blindness (like the friend I built this for), the problem is the opposite: time disappears completely. If she doesn't look, she assumes she has hours left when she only has minutes. The visual countdown acts as a prosthetic for that missing sense of time. But yes, if you don't struggle with that specific issue, checking the phone would definitely be annoying. A custom fade-in alarm sounds like a great idea for a different app.

I do have that problem, which is why I appreciate the warning chimes of my Pomodoro app. But I prefer my warnings to be in the audio mode, especially because I don't have to remember to pick up the phone to see what I'm forgetting.

It’s funny how different brains work. For her, any sound feels like an interruption or a 'demand' from the phone. She prefers the visual cue because it lets her check the time on her terms, rather than the phone interrupting her flow. But you're right—for 'eyes-free' awareness, you really can't beat audio.

Hi HN,

I’m the creator of SWOTPal.

I built this because I spent years in strategy roles where 80% of the time was spent formatting slides and only 20% on actual thinking. I wanted to invert that ratio.

SWOTPal is a Web and iOS app that uses LLMs to structure unstructured data (company websites, news articles, or brain dumps) into a clean, professional SWOT analysis.

How it works:

1. You input a topic, a URL, or a LinkedIn profile.

2. The backend scrapes the relevant context (or uses internal knowledge for big companies).

3. It passes through a chain of prompts designed to minimize "fluff" and maximize actionable insights (e.g., specific specific operating margins rather than just "high costs").

4. It renders the output into a grid that can be exported directly as PDF/PNG for presentations.

One fun use case:

We added a "LinkedIn Decoder." You can paste a public LinkedIn profile URL, and it generates a personal brand SWOT. It’s surprisingly good at spotting gaps in a resume.

I’d love to hear your feedback on the quality of the generated insights vs. a human consultant.

Happy to answer any questions about the tech stack or the prompt engineering challenges!

Appreciate the honesty — this is exactly the feedback I need.

Core app is free, subscription is just for trends. But yeah, I'm not married to the model. If enough people prefer one-time purchase, I'd consider adding that option.

What price point would feel right to you?

Okay, so here’s the thing: the ‘freemium’ model is always going to cause friction, the user will be using the app and suddenly run into an apparently arbitrary paywall and that’ll almost always solicit some kind of ire along the lines of “I want to see this thing, this thing is already there, but now they’re asking me to pay for what is already constructed and therefore has zero marginal cost to the developer” (or some inchoate variation thereof). Basically it generates frustration.

My take is that this is a fair app for the usage case you posit: determining sunlight exposure in regions where not much is available. Other use cases come to mind: for example beach-goers who are keen to make sure they don’t overexpose themselves but gradually build up a tan. It’s data they can piece together themselves numerically or (to be perfectly honest) that being humans who have evolved for millennia under sunlight, we can kind of intuit ourselves.

I’d say it’s a roughly 1.99 euro purchase fee for the ‘trends’ feature. It may even be a 1.99 euro for the app itself rather than half-free half-paid, but it’s definitely not something I want a large recurring subscription for. I can look at the sky and I can look at my skin, and I can figure out the rest. The only value is in quantifying it, and so the whole thing is meaningless unless it tells me something I don’t intuitively already know.

This is really helpful, thank you.

You're right — the value is in quantifying something we can mostly intuit. That's a high bar.

Honestly leaning toward just making it $1.99 upfront, no freemium. Simpler and more honest.

The beach-goer angle is interesting too. Hadn't thought of that.

Appreciate you taking the time.

Glad to be of service. It’s lovely to have actually direct and honest conversations once in a while instead of talking over each-other dogmatically.

Hi HN, I built this because I live in a city with limited sunshine and kept missing the good days while working from home.

The problem: Apple Watch tracks "Time in Daylight" but buries it in Health app with zero insights.

What I built: - Pulls daylight data from HealthKit - Gives you a daily "Sunshine Score" (0-100) based on duration, frequency, and morning sun bonus - Shows weekly trends to spot patterns - Widget + Watch app for quick glance Tech: SwiftUI, HealthKit, WidgetKit, WatchOS. No backend – all data stays on device.

Built this in ~2 weeks with no prior iOS dev experience (used AI coding tools). Got rejected by Apple 4 times before approval – happy to share what I learned about HealthKit app reviews if anyone's curious.

Free to use, optional $1.99/mo subscription for trends.

Would love feedback, especially on the scoring algorithm.