0xlayerghost/git-workflow
skills/git-workflow/SKILL.md
[AUTO-INVOKE] MUST be invoked BEFORE creating git commits, PRs, or code reviews. Covers Conventional Commits, PR templates, review requirements, and AI-assisted development rules. Trigger: any task involving git commit, git push, PR creation, or code review.
$ install --global
skillsauthnpx skillsauth add 0xlayerghost/solidity-agent-kit git-workflowInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Error
VirusTotalMulti-engine malware detection
70%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 24, 2026, 12:51 PM45.2s1 file scanned
SKILL.md
- name:
- git-workflow
- description:
- [AUTO-INVOKE] MUST be invoked BEFORE creating git commits, PRs, or code reviews. Covers Conventional Commits, PR templates, review requirements, and AI-assisted development rules. Trigger: any task involving git commit, git push, PR creation, or code review.
Git Collaboration Standards
Language Rule
- Always respond in the same language the user is using. If the user asks in Chinese, respond in Chinese. If in English, respond in English.
Commit Rules
Use Conventional Commits format: <type>: <short description>
| Type | When to use |
|------|------------|
| feat: | New feature or contract |
| fix: | Bug fix |
| refactor: | Code restructure without behavior change |
| test: | Add or update tests |
| docs: | Documentation changes |
| chore: | Build config, dependency updates, toolchain |
| security: | Security fix or hardening |
Commit Workflow
- Run
git diffto review all changes before staging - Stage specific files — avoid
git add .to prevent committing.envor artifacts - Write concise commit message describing the why, not the what
- Never add
Co-Authored-Bylines — commit messages should only contain the description - Only commit — never
git pushunless explicitly requested - Never push directly to main/master — always use feature branches
Branch Naming
| Pattern | Example |
|---------|---------|
| feat/<name> | feat/staking-pool |
| fix/<name> | fix/reentrancy-guard |
| refactor/<name> | refactor/token-structure |
PR Requirements
Every PR must include:
| Section | Content |
|---------|---------|
| Change description | What was changed and why |
| Test results | forge test output (all pass) |
| Gas impact | forge test --gas-report diff for changed functions |
| Deployment impact | Does this affect deployed contracts? Migration needed? |
| Review focus | Specific areas that need careful review |
Code Review Rules
| Scenario | Requirement |
|----------|------------|
| Standard changes | Minimum 1 maintainer approval |
| Security-related changes | Minimum 2 maintainer approvals |
| AI-generated code | Must pass manual review + forge test before merge |
| Contract upgrades | Requires full team review + upgrade simulation on fork |
AI Assistance Rules
- AI-generated code must pass
forge testbefore committing - Always review AI output for: correct import paths, proper access control, gas implications
- Include relevant file paths and test cases in AI prompts for better results
- Run
forge fmtafter AI generates code to ensure consistent formatting
Related Skills
0xlayerghost/token-antiflash
testing
VerifiedTrustedCommunity
[AUTO-INVOKE] MUST be invoked when designing or reviewing ERC20 token contracts that need flash loan protection. Covers token-level defense design patterns: cost tracking, same-block cooldown, progressive sell tax, minimum balance retention, EIP-7702 aware address checks, front-run protection, and referral binding. Trigger: any ERC20 token with anti-flash-loan, anti-bot, or tokenomics security design requirements.
3SKILL.mdUpdated May 19, 2026
0xlayerghost/solidity-coding
development
VerifiedTrustedCommunity
[AUTO-INVOKE] MUST be invoked BEFORE writing or modifying any Solidity contract (.sol files). Covers pragma version, naming conventions, project layout, OpenZeppelin library selection standards, oracle integration, and anti-patterns. Trigger: any task involving creating, editing, or reviewing .sol source files.
2SKILL.mdUpdated Mar 24, 2026
0xlayerghost/solidity-checklist
testing
VerifiedTrustedCommunity
[AUTO-INVOKE] MUST be invoked BEFORE any on-chain operation (cast send, forge script --broadcast). Systematic 6-layer verification checklist: permissions, dependencies, parameters, security, testing, and knowledge capture. Trigger: any task involving sending transactions, deploying contracts, or interacting with on-chain state.
1SKILL.mdUpdated Apr 28, 2026
0xlayerghost/solidity-testing
development
VerifiedTrustedCommunity
[AUTO-INVOKE] MUST be invoked BEFORE writing or modifying any test files (*.t.sol). Covers test structure, naming conventions, coverage requirements, fuzz testing, and Foundry cheatcodes. Trigger: any task involving creating, editing, or running Solidity tests.
1SKILL.mdUpdated Mar 24, 2026