Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

baekenough/action-validator

Name: action-validator
Author: baekenough

.claude/skills/action-validator/SKILL.md

npx skillsauth add baekenough/oh-my-customcode action-validator

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Action Validator Skill

Purpose

Advisory pre-action validation layer that checks agent tool calls against declared capabilities, file access scope (R002), and task contracts before execution. Inspired by AutoHarness (Google DeepMind) — enforcing action-space legality at agent boundaries.

This skill does NOT block actions (R021 advisory-first model). It emits warnings when agents attempt operations outside their declared scope.

Validation Checks

| Check | What | Against | |-------|------|---------| | Tool scope | Tool being called | Agent's tools frontmatter list | | File scope | File path in Write/Edit | R002 file access rules | | Domain scope | Target file extension | Agent's domain frontmatter | | Task contract | Operation type | Task description constraints |

Advisory Format

--- [Action Validator] Scope warning ---
  Agent: {agent-name}
  Tool: {tool-name}
  Target: {file-path}
  Issue: {description}
  Declared scope: {agent's declared tools/domain}
  💡 Suggestion: {recommended action}
---

Integration Points

| System | How | |--------|-----| | PreToolUse hooks | Optional hook to check tool calls (advisory only) | | pipeline-guards | Complements pipeline stage gates | | adversarial-review | Provides action-space-legality criterion | | R002 (Permissions) | Validates against declared file access rules | | R010 (Orchestrator) | Orchestrator validates subagent scope claims |

Policy Cache Pattern

For high-repetition agents (e.g., mgr-gitnerd commit workflows), capture validated decision paths as reusable policies:

policy_cache:
  agent: mgr-gitnerd
  action: git-commit
  validated_steps:
    - tool: Bash
      pattern: "git add *"
      verdict: allow
    - tool: Bash
      pattern: "git commit *"
      verdict: allow
    - tool: Bash
      pattern: "git push *"
      verdict: warn_confirm

Policy caching reduces redundant LLM calls for well-understood workflows. Policies are advisory — the orchestrator may override.

Scope

This skill is an advisory layer, not a hard enforcement mechanism:

Does: Emit warnings, log scope violations, suggest corrections
Does NOT: Block tool execution, modify agent behavior, override R021
Future: May integrate with PreToolUse hooks for automated checking (see R021 promotion criteria)

baekenough/action-validator

.claude/skills/action-validator/SKILL.md

Pre-action boundary checking — validates agent tool calls against declared capabilities and task contracts

11 stars

tools

Updated Apr 3, 2026

$ install --global

skillsauth

npx skillsauth add baekenough/oh-my-customcode action-validator

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 3, 2026, 8:17 PM6.6s1 file scanned

SKILL.md

name:: action-validator
description:: Pre-action boundary checking — validates agent tool calls against declared capabilities and task contracts
scope:: core
user-invocable:: false

Action Validator Skill

Purpose

This skill does NOT block actions (R021 advisory-first model). It emits warnings when agents attempt operations outside their declared scope.

Validation Checks

Advisory Format

--- [Action Validator] Scope warning ---
  Agent: {agent-name}
  Tool: {tool-name}
  Target: {file-path}
  Issue: {description}
  Declared scope: {agent's declared tools/domain}
  💡 Suggestion: {recommended action}
---

Integration Points

Policy Cache Pattern

For high-repetition agents (e.g., mgr-gitnerd commit workflows), capture validated decision paths as reusable policies:

policy_cache:
  agent: mgr-gitnerd
  action: git-commit
  validated_steps:
    - tool: Bash
      pattern: "git add *"
      verdict: allow
    - tool: Bash
      pattern: "git commit *"
      verdict: allow
    - tool: Bash
      pattern: "git push *"
      verdict: warn_confirm

Policy caching reduces redundant LLM calls for well-understood workflows. Policies are advisory — the orchestrator may override.

Scope

This skill is an advisory layer, not a hard enforcement mechanism:

Does: Emit warnings, log scope violations, suggest corrections
Does NOT: Block tool execution, modify agent behavior, override R021
Future: May integrate with PreToolUse hooks for automated checking (see R021 promotion criteria)

Related Skills

baekenough/wiki

development

VerifiedTrustedCommunity

Generate and maintain a persistent codebase wiki — LLM-built interlinked markdown knowledge base (Karpathy LLM Wiki pattern)

15SKILL.mdUpdated Apr 16, 2026

baekenough/wiki-rag

development

VerifiedTrustedCommunity

Use the project wiki as RAG knowledge source — search wiki pages to answer codebase questions before exploring raw files

15SKILL.mdUpdated Apr 16, 2026

baekenough/skill-extractor

tools

VerifiedTrustedCommunity

Analyze task trajectories to propose reusable SKILL.md candidates from successful patterns

15SKILL.mdUpdated Apr 16, 2026

baekenough/skill-extractor

baekenough/hada-scout

data-ai

VerifiedTrustedCommunity

hada.io RSS feed monitoring for AI agent/harness articles with automated /scout analysis

15SKILL.mdUpdated Apr 16, 2026

baekenough/hada-scout

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/baekenough/oh-my-customcode.git

# Copy into Claude Code skills folder (global)
cp -r oh-my-customcode/.claude/skills/action-validator ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

baekenough/oh-my-customcode

11 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT