e9bc1d0626
Closes the remaining gaps vs alirezarezvani/claude-skills across trust, content types, discoverability, and community. Security (trust signal + useful): - scripts/skill-audit.mjs scans skills/*/SKILL.md + each skill's scripts/ for prompt injection, exfiltration, dynamic code exec, destructive shell, secrets, and hidden text. HIGH fails CI (.github/workflows/skill-audit.yml) + a badge. - New skill-security-auditor skill teaches the same review (production tier). Content types: - output-styles/ — 4 personas (Startup CTO, Growth Marketer, Solo Founder, Product Leader) as Claude Code output styles; --agent claude installs them too. - ORCHESTRATION.md — Skill Chain / Multi-Agent Handoff / Domain Deep-Dive / Solo Sprint patterns. Discoverability: - scripts/build-docs.mjs generates a server-rendered, SEO-indexable web/catalog.html of all skills (built in the Pages deploy; gitignored). Linked from README + playground. Community: - ROADMAP.md (now/next/later + good-first-issues). README badges/sections, TIERS (47 production), CHANGELOG, package.json files, and exports/web index all updated. SkillCheck + security audit + exports verified. Claude-Session: https://claude.ai/code/session_016JWn5jRD5tcEFKrubjQ6Px Co-authored-by: Claude <noreply@anthropic.com>
32 lines
836 B
YAML
32 lines
836 B
YAML
name: Skill Security Audit
|
|
|
|
# Scans installable skill content (skills/*/SKILL.md and each skill's scripts/)
|
|
# for prompt injection, data exfiltration, dynamic code execution, destructive
|
|
# shell, hardcoded secrets, and hidden text. Fails on HIGH-severity findings.
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
paths:
|
|
- 'skills/**'
|
|
- 'scripts/skill-audit.mjs'
|
|
- '.github/workflows/skill-audit.yml'
|
|
pull_request:
|
|
paths:
|
|
- 'skills/**'
|
|
- 'scripts/skill-audit.mjs'
|
|
- '.github/workflows/skill-audit.yml'
|
|
|
|
jobs:
|
|
audit:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
- name: Set up Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: '20'
|
|
- name: Run the skill security auditor
|
|
run: node scripts/skill-audit.mjs
|