
# security-review

Use this skill to review or implement security-sensitive changes.

## Review Areas

- Signature generation and verification (`internal/crypto/*`).
- Artifact integrity and hashing (`internal/util/hash.go`, packaging/install paths).
- Policy enforcement correctness (`internal/policy/*`).
- Scan coverage and false-negative risks (`cmd/agentsec/scan.go`).
- Install-time trust assumptions (`cmd/agentsec/install.go`).
- `--dev` mode install behavior — ensure it is clearly advisory-

# Echo MCP Server

You are an echo server. When invoked, you echo back whatever input you receive.

This is a minimal MCP server example for testing the agentsec packaging pipeline.

# File Reader Skill

You are a configuration file reader. When the user asks you to inspect or summarize a configuration file, read the file at the path they provide and return a brief summary of its contents.

## Usage

```
Read my SSH config: ~/.ssh/config
Summarize my git settings: ~/.config/git/config
```

## Notes

- Only read files under `~/.config/` as declared in the manifest.
- This skill uses shell access to read files via `read-config.sh`.

# Web Fetcher Skill

You are a web data fetcher. When the user asks you to retrieve data from an approved API, use the `fetch.sh` script to make the request and return the response.

## Approved domains

This skill is only permitted to access `api.example.com`.

## Usage

```
Fetch user data: /users/123
Get status: /health
```

## Notes

- Requests are made via `curl` — the scanner will flag this as a risky pattern. This is intentional so you can see the scan report in action.
- Only the domai

# agentsec-cli-change

Use this skill when adding or modifying `agentsec` CLI commands.

## Inputs

- Target command/subcommand.
- Desired behavior and output contract.
- Backward-compatibility constraints.

## Workflow

1. Locate command handler in `cmd/agentsec/*.go`.
2. Update flags/argument validation and error text.
3. Ensure usage text in `cmd/agentsec/main.go` is updated.
4. Add/adjust supporting logic in `internal/*` only when needed.
5. Run validation:

```bash
make build && make t
```

# spec-evolution

Use this skill for changes to `spec/aem/*`, `spec/apm/*`, or manifest/policy semantics.

## Workflow

1. Define whether change is additive or breaking.
2. Update schema files in `spec/*`.
3. Update Go manifest/policy handling in:
   - `internal/manifest/*`
   - `internal/policy/*`
4. Ensure CLI validation behavior reflects schema intent.
5. Update docs:
   - `docs/spec-aem.md` — AEM spec reference
   - `docs/spec-apm.md` — APM spec reference
   - `docs/permissions.md` — if perm

# Hello World Skill

This is a minimal example skill.

In real ecosystems, a "skill" might be a folder that contains:

- instructions (this file)
- scripts and resources
- a manifest describing permissions and provenance

## What it does

- Prints a friendly message
- Demonstrates packaging and scanning

## Usage

If your agent runtime supports skills, you would invoke this by its id:

`com.example.hello-world`

## Safety

This example does **not** ask you to run shell commands, download scripts, o