Cheat Codes
One-paragraph AI tricks you can steal in 60 seconds. Too small to be a module, too sharp to bury in a thread. Bite-sized, evergreen, searchable.
- from x.com#dev#productivity
2-min security sweep before you ship any vibe-coded app
Before pushing a Claude-built app to prod, paste this into Claude Code: "Act as a security auditor. Walk the whole codebase for OWASP top-10 issues — exposed API keys, SQL injection, XSS, missing auth, unchecked inputs, leaking error traces. Return a punch list: severity / file / fix." 2 minutes, catches the dumb stuff (which is almost always what gets you). From @hackSultan. Not a pen-test — the pre-flight check.
2026-04-24read → - from Loya#video#design
3×3 storyboard grid → Seedance for 2× better video output
Before firing a 15s Seedance prompt, draft a 3×3 grid in Figma or any canvas app. Nine frames representing the 9 beats of your clip (shots 1-9, one per second-ish). Attach that grid as image_input to Seedance alongside your text prompt. Seedance follows the visual beat map way more tightly than it follows pure prose. Hit rate jumps roughly 2× on first-take quality — it's the single biggest improvement you can make to video generation without changing models.
2026-04-24read → - from developer.apple.com#money#dev
Apple's Small Business Program cuts your App Store fee from 30% to 15%
If you make under $1M/year on iOS, Apple's Small Business Program drops the App Store commission from 30% to 15% on everything — IAPs, subscriptions, paid downloads. Free to apply, takes under 5 minutes. Opt-in only — Apple does NOT auto-enroll you. For any solo dev, it's a literal 15% raise on every sale the moment you sign up.
2026-04-24read → - from Loya#video#content
Caption alpha-reveal beats whole-line pop-in captions
On short-form video, captions that pop in one full line at a time lose attention. Instead: reveal caption text ONE WORD AT A TIME, in sync with the spoken audio, using ffmpeg `drawtext` + `alpha` expression keyed to timestamps. 30 min to set up a reusable script per-project. Retention visibly jumps — viewers track the rhythm. Used across Basement Boys + Cheddy clips.
2026-04-24read → - from Loya#dev#productivity
Custom /statusline in Claude Code = always see token health
Run `/statusline` in Claude Code and paste a one-line config like: git branch + uncommitted file count + context token percent. Now every keystroke you see exactly how close you are to a context crash and what's dirty in git. 2 minutes to set up, permanent across sessions. Stops 'why did I lose context' surprises dead in their tracks.
2026-04-24read → - from Loya#video#dev
Deepgram word-level timestamps = frame-accurate sentence cuts
When transcribing podcast or video audio for clipping, Deepgram Nova-3 returns WORD-LEVEL timestamps, not just sentence-level. Pull them with `&utterances=true&punctuate=true`. Each word gets start and end in ms. Makes frame-accurate sentence cuts trivial: cut at the last word's end, resume at the next sentence's first-word start. No guesswork, no breath clips hanging on front or back.
2026-04-24read → - from Loya#dev#image-gen
Evolink's GPT-Image-2 model slug is `gpt-image-2-beta`, not `gpt-image-2`
If you're calling GPT-Image-2 through Evolink and getting 404s, the model slug is `gpt-image-2-beta`, NOT `gpt-image-2`. It's not even listed in their `/v1/models` endpoint. This quirk eats 20 minutes of 'is it broken?' debugging the first time you hit it. Just use `gpt-image-2-beta` in your model field and it works immediately.
2026-04-24read → - from Loya#dev#video
ffmpeg filter args with commas? escape them or die trying
Commas are ffmpeg's filter-chain separator, so any comma INSIDE a filter arg (like drawtext text with "hello, world") silently breaks everything without a clear error. Two fixes: (1) escape inline with \, as in text=hello\,world, or (2) wrap the whole filter expression in single quotes. AI-generated ffmpeg commands fail here more than anywhere else. 3 hours of debug becomes 0.
2026-04-24read → - from Loya#video#dev
Hyperframes vs Remotion — when to swap your code-to-video stack
If you generate short-form video from code (captions, templated reels, data viz clips): Remotion is stable but React-only, and you own the runtime. Hyperframes is newer, runs inside Claude Code as a skill, and handles Three.js natively. Swap to Hyperframes when you want camera motion or real 3D elements without fighting React-Three-Fiber setup. Remotion still wins for pure HTML/CSS-only templated reels.
2026-04-24read → - from Loya#dev#productivity
Install any Claude Code skill with `/plugin marketplace add user/repo`
To install any public Claude Code skill, don't clone repos + copy files into ~/.claude/skills/ by hand. Just run `/plugin marketplace add <user>/<repo>` inside Claude Code — it pulls, installs, and activates the skill in one command. Works with any public GitHub repo that ships a valid SKILL.md. Auto-updates on next install. Replaces the old download-copy-restart dance entirely.
2026-04-24read → - from Loya#content#video
Mix hook placement across your feed — tease vs payoff
Feed algorithms (and viewers) reward rhythm. Some clips should TEASE the punchline up front ('wait for the reveal at 0:12...'). Others should put the BIG HIT at the very end, unannounced. Running one style exclusively flattens your feed. The Clip Law says every clip needs HOOK + ENTERTAINING + PAYOFF — but WHERE you place the hook relative to the payoff should vary across any 20 consecutive posts.
2026-04-24read → - from twitter.com#image-gen#design
One business photo → full brand book via GPT-Image-2
Take one photo of a business (storefront, product shot, founder headshot) and feed it to GPT-Image-2 with an identity-lock prompt asking for color palette, typography mood, logo treatments, and scene variants. You get a usable brand book in ~2 minutes from a single input. Works for clients who have zero brand assets but a phone camera.
2026-04-24read → - from Loya#dev#design#productivity
One line to kill every spinner in Claude's UIs
When Claude Code builds a page that fetches data, add this line to your prompt: "Every loading state must be a skeleton pulse matching the final layout dimensions exactly — no spinners." Claude stops shipping blank screens and spinners and starts building real skeleton loaders. Perceived load time drops roughly 40-50%. Works across React, Next, Vue, Svelte. Free, takes 10 seconds to add.
2026-04-24read → - from Loya#dev#productivity
rettiwt 7.0.0 silently returns empty — one-line patch fixes it
If you upgrade rettiwt (X scraping lib) to 7.0.0 and every feed / search / timeline call returns empty with no error, it's a null-access crash in node_modules/rettiwt-api/dist/models/User.js around line 49. One-line patch: change `pinned_tweet_ids_str[0]` to `pinned_tweet_ids_str?.[0]`. Saves ~3 hours of 'why is my scraper returning nothing.' Re-apply after every upgrade.
2026-04-24read → - from github.com#dev#productivity
Run /ultrareview before any critical merge
Before shipping anything load-bearing, run `/ultrareview` in Claude Code. It's slower and more thorough than `/review` — designed for the pre-merge moment specifically. Catches the kind of subtle bugs a careful human reviewer would (bad edge cases, missing null checks, silent state leaks). Takes about 30s more than a regular review. Pays for itself the first time it catches something that would've shipped.
2026-04-24read → - curated for Escape 9 to 5#dev#productivity
Sanitize PII before it hits your LLM — 5-line wrapper
Any app where users type free-text that gets forwarded to an LLM is leaking personal data into your provider's logs (and sometimes their training sets). Fix: run inputs through a PII sanitizer (OpenAI's privacy filter, Microsoft Presidio, or guardrails-ai) BEFORE the LLM call. Replace names / emails / phones / addresses with tokens, restore after. 5-line wrapper, major compliance win.
2026-04-24read → - from docs.stripe.com#money#dev
Stripe Tax calculate-only mode = tax-compliance dry-run before you collect
Before flipping full sales-tax collection on, run Stripe Tax in 'calculate-only' mode. It registers your nexus obligations and calculates tax per transaction WITHOUT actually charging customers or remitting anything. You see exactly what you'd owe, where, and when a threshold would trip. Free, reversible, and lets you sanity-check thresholds before committing to Stripe Tax or Anrok for real.
2026-04-24read → - from deepwiki.com#dev#productivity
Swap github.com → deepwiki.com for instant docs
Any GitHub repo URL works on deepwiki.com with the same path. Change github.com/owner/repo to deepwiki.com/owner/repo and you get a full auto-generated documentation site for that codebase — methods, architecture, and file tree, all searchable. Ten seconds to understand any repo you're thinking about installing.
2026-04-24read → - from github.com#design#dev#productivity
The 3-skill chain that makes AI UI stop looking AI-built
Install ui-ux-pro-max-skill AND make-interfaces-feel-better via the Claude Code plugin marketplace. After every UI pass, run them in order: /ui-ux-pro-max → /make-interfaces-feel-better → /simplify. They catch what Claude misses — inconsistent spacing, weird hover states, color clashes, missing loading states — and leave the interface feeling paid-for. Free, runs in 60 seconds, works after any design change.
2026-04-24read → - from Loya#content#money
TikTok pinned comments convert better than captions
On TikTok, the pinned comment drives more action than the caption. Two patterns that work: (1) answer the implicit 'is this real?' objection directly ("yes these are real clients. DM for the blueprint."), or (2) seed a bait question so you can reply-to-top with your own link ("how much? ↓"). Pin BEFORE you post so it's on top from minute 1. Free, 10 seconds.
2026-04-24read →