8.3 KiB
8.3 KiB
🚀 Vibeship Ecosystem Integration - Complete
✨ Two Game-Changing Skills Added to QwenClaw
I've integrated TWO powerful Vibeship projects into QwenClaw:
| Skill | Purpose | Impact |
|---|---|---|
| Spark Intelligence | Self-evolving AI companion | Transforms QwenClaw into a learning system |
| SupaRalph Security | Supabase penetration testing | 277 attack vectors for security scanning |
🧠 Spark Intelligence
What It Does
Spark Intelligence creates a learning loop for QwenClaw:
QwenClaw Session → Capture Events → Filter Noise → Score Insights →
Pre-Tool Advisory → Outcomes Feed Back → System Evolves
Key Features
| Feature | Benefit |
|---|---|
| Pre-Tool Advisory | Warns BEFORE QwenClaw executes problematic commands |
| Memory Capture | Remembers your preferences automatically |
| Anti-Pattern Detection | Catches recurring mistakes |
| Auto-Promotion | Validated insights → CLAUDE.md, AGENTS.md, SOUL.md |
| EIDOS Loop | Extracts heuristics, playbooks, policies |
| Obsidian Observatory | 465+ pages of live intelligence data |
| 100% Local | No cloud, complete privacy |
Installation
# Windows
irm https://raw.githubusercontent.com/vibeforge1111/vibeship-spark-intelligence/main/install.ps1 | iex
# Mac/Linux
curl -fsSL https://raw.githubusercontent.com/vibeforge1111/vibeship-spark-intelligence/main/install.sh | bash
Usage
# Start Spark pipeline
python -m spark.cli up
# Start QwenClaw
qwenclaw start
# Use normally - Spark captures automatically!
qwenclaw send "Refactor the authentication module"
Example Advisory
⚠️ WARNING: Spark advisory
Action: Edit file without reading
File: src/config/database.ts
Pattern: This pattern failed 4 times in the last 24 hours.
Suggestion: Read the file first, then edit.
Reliability: 0.91 | Validated: 8 times
🔒 SupaRalph Security
What It Does
SupaRalph ("I'm in danger!") is a Supabase penetration testing tool that executes real attacks to prove vulnerabilities.
Attack Vectors (277 Total)
| Category | Attacks | What It Tests |
|---|---|---|
| RLS | 100+ | Row Level Security bypass, missing policies |
| Auth | 43+ | Weak passwords, MFA bypass, JWT manipulation |
| API | 39+ | GraphQL introspection, CORS, security headers |
| Storage | 23+ | Public buckets, path traversal, file type abuse |
| Functions | 15+ | Edge function auth bypass, rate limit bypass |
| Database | 14+ | Direct access, injection, extension abuse |
| Vibecoder | 13+ | Common AI-generated code mistakes |
| Realtime | 13+ | Subscription leaks, channel hijacking |
Installation
# Clone and run locally
git clone https://github.com/vibeforge1111/vibeship-suparalph.git
cd vibeship-suparalph
npm install
npm run dev
Open: http://localhost:5173
Usage
# Via QwenClaw
qwenclaw send "Use suparalph-security to scan my Supabase project at https://my-project.supabase.co"
# Full audit
qwenclaw send "Use suparalph-security to run all 277 attack vectors and generate compliance report"
Example Finding
🚨 BREACHED: Missing RLS Policy
Table: users
Severity: Critical
Description: Table has no RLS policies configured
Risk: Any authenticated user can access all records
Fix: Copy to Supabase AI → Generate RLS policies
🎯 Combined Power: Spark + SupaRalph
Security Learning Loop
qwenclaw send "Use suparalph-security to scan, then spark-intelligence to capture findings as pre-tool advisories"
What Happens:
- SupaRalph scans → Finds RLS vulnerability
- Spark captures → "Missing RLS policies are critical"
- Auto-promotes → CLAUDE.md: "Always enable RLS on new tables"
- Pre-tool advisory → Next time you create a table:
ℹ️ NOTE: Remember to enable RLS policies Captured from SupaRalph scan #42 Reliability: 0.96
Automated Security Workflow
# Ralph Loop + SupaRalph + Spark
while :; do
qwenclaw send "Scan with suparalph-security"
qwenclaw send "Fix critical findings"
qwenclaw send "Spark: capture security patterns"
qwenclaw send "Re-scan to verify fixes"
done
📊 QwenClaw Skills Summary
Before Vibeship Integration
- Skills: 81
- Sources: 12
After Vibeship Integration
- Skills: 152
- Sources: 17
- New Capabilities:
- Self-evolving learning (Spark)
- Security testing (SupaRalph)
- Pre-tool advisory system
- Obsidian observability
- 277 attack vectors
📁 Files Created
| File | Purpose | Size |
|---|---|---|
skills/spark-intelligence/SKILL.md |
Spark Intelligence documentation | 11KB |
skills/suparalph-security/SKILL.md |
SupaRalph security documentation | 15KB |
SPARK_INTEGRATION_GUIDE.md |
Step-by-step Spark integration | 13KB |
SPARK_YES_IMPROVE.md |
Executive summary | 8KB |
skills/skills-index.json |
Updated to v1.10.0 | - |
bin/qwenclaw.js |
Updated skills display | - |
VIBESHIP_INTEGRATION_SUMMARY.md |
This document | - |
🚀 Quick Start Guide
1. Install Spark Intelligence
# Windows
irm https://raw.githubusercontent.com/vibeforge1111/vibeship-spark-intelligence/main/install.ps1 | iex
# Verify
python -m spark.cli health
2. Install SupaRalph
git clone https://github.com/vibeforge1111/vibeship-suparalph.git
cd vibeship-suparalph
npm install
npm run dev
3. Start Using
# Terminal 1: Start Spark
python -m spark.cli up
# Terminal 2: Start QwenClaw
qwenclaw start
# Terminal 3: Use skills
qwenclaw send "Use spark-intelligence to remember my preferences"
qwenclaw send "Use suparalph-security to scan my Supabase project"
🎯 Use Cases
Use Case 1: Secure Development
# Before deploying
qwenclaw send "Use suparalph-security to scan for vulnerabilities"
qwenclaw send "Use spark-intelligence to capture security patterns"
qwenclaw send "Block deployment if critical findings exist"
Use Case 2: Learning from Mistakes
# Spark captures patterns automatically
qwenclaw send "Remember: always use --no-cache for Docker builds"
# Next time:
# ℹ️ NOTE: User prefers --no-cache for Docker builds
Use Case 3: Compliance Reporting
qwenclaw send "Use suparalph-security to generate OWASP Top 10 report"
qwenclaw send "Use spark-intelligence to store compliance patterns"
Use Case 4: AI Agent Security Loop
# Ralph Loop pattern
while :; do
qwenclaw send "Scan with suparalph-security"
qwenclaw send "Fix critical findings with Supabase AI"
qwenclaw send "Spark: capture what was learned"
done
📈 Impact Summary
Spark Intelligence Impact
| Metric | Value |
|---|---|
| Prevents Mistakes | Pre-tool advisory blocks warnings |
| Remembers Preferences | Auto-capture with intelligent scoring |
| Auto-Documents | Promotes to CLAUDE.md automatically |
| Self-Improving | Gets smarter every session |
| Observable | 465+ page Obsidian vault |
SupaRalph Impact
| Metric | Value |
|---|---|
| Attack Vectors | 277 total |
| Categories | 8 (RLS, Auth, API, Storage, Functions, Database, Vibecoder, Realtime) |
| Compliance | OWASP Top 10, SOC2, GDPR |
| Fix Integration | Supabase AI-powered |
| CI/CD Ready | GitHub Actions integration |
🔗 Resources
Spark Intelligence
- Skill:
skills/spark-intelligence/SKILL.md - Guide:
SPARK_INTEGRATION_GUIDE.md - GitHub: https://github.com/vibeforge1111/vibeship-spark-intelligence
- Website: https://spark.vibeship.co
SupaRalph Security
- Skill:
skills/suparalph-security/SKILL.md - GitHub: https://github.com/vibeforge1111/vibeship-suparalph
- Demo: http://localhost:5173 (run locally) or enter
demo
✨ Bottom Line
The Vibeship ecosystem (Spark Intelligence + SupaRalph) transforms QwenClaw into:
- ✅ A learning system that remembers and adapts
- ✅ A secure system that prevents vulnerabilities
- ✅ An observable system with full intelligence tracking
- ✅ A self-improving system that gets smarter every session
Installation Priority: BOTH ARE HIGH ⭐⭐
"I'm in danger!" - Ralph Wiggum (but not anymore with SupaRalph + Spark!) 🔒🧠✨