cnoe-io/dco-ai-attribution
skills/dco-ai-attribution/SKILL.md
DCO compliance and AI attribution guidelines for commits that include AI-assisted code. Enforces the Linux kernel coding-assistants policy: AI must never add Signed-off-by; humans certify the DCO; Assisted-by trailer documents AI tool usage. Apply whenever a user is committing AI-assisted code in any project.
$ install --global
skillsauthnpx skillsauth add cnoe-io/ai-platform-engineering dco-ai-attributionInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 14, 2026, 3:24 AM18.5s1 file scanned
SKILL.md
- name:
- dco-ai-attribution
- description:
- >
- Enforces the Linux kernel coding-assistants policy:
- AI must never add Signed-off-by;
DCO and AI Attribution for AI-Assisted Commits
These rules are derived from the Linux kernel's official AI Coding Assistants policy. They apply to all projects where the DCO governs contributions.
Core rule: AI must never add Signed-off-by
Signed-off-by is a human-only legal certification of the DCO. An AI agent must not
generate, suggest, or insert a Signed-off-by line on behalf of itself.
The human submitter is always responsible for:
- Reviewing all AI-generated code before committing
- Ensuring the contribution is license-compatible with the target project
- Adding their own
Signed-off-byto certify the DCO - Taking full legal and ethical responsibility for the contribution
Attribution: Assisted-by trailer
Format: Assisted-by: AGENT_NAME:MODEL_VERSION [TOOL1] [TOOL2]
Examples: Assisted-by: Claude:claude-sonnet-4-6 Assisted-by: Claude:claude-sonnet-4-6 clang-tidy Assisted-by: Claude:claude-3-opus coccinelle sparse
Complete commit message example
fix(auth): validate JWT expiry before returning user context
The expiry check was skipped when the token lacked an explicit 'exp' claim, allowing stale tokens to authenticate.
Assisted-by: Claude:claude-sonnet-4-6 Signed-off-by: Sri Aradhyula [email protected]
Pre-commit checklist
- [ ] I have read and understood every line of AI-generated code
- [ ] I can explain what the code does and why it is correct
- [ ] The code is license-compatible with the target project
- [ ] I have added my own Signed-off-by trailer
- [ ] I have added an Assisted-by trailer (AI tool + model version)
- [ ] No AI-generated Signed-off-by line is present
How this skill was developed
Written with Claude Code (claude-sonnet-4-6). Policy content derived from the Linux kernel's coding-assistants.rst, authored by the kernel community (GPL-2.0).
Assisted-by: Claude:claude-sonnet-4-6
Related Skills
cnoe-io/streaming-testing
testing
VerifiedTrustedCommunity
Compare A2A streaming behaviour across supervisor versions. Captures SSE events, analyzes metadata flags (is_narration, is_final_answer), and produces side-by-side comparison reports.
345SKILL.mdUpdated Apr 15, 2026
cnoe-io/sprint-progress-report
testing
VerifiedTrustedCommunity
Generate a comprehensive sprint progress report from Jira with velocity metrics, burndown analysis, blocker identification, and team workload distribution. Use when preparing sprint reviews, standups, or tracking sprint health mid-cycle.
345SKILL.mdUpdated Apr 4, 2026
cnoe-io/security-vulnerability-report
development
VerifiedTrustedCommunity
Scan GitHub repositories for security vulnerabilities including Dependabot alerts, code scanning results, and secret scanning findings. Use when auditing repository security, preparing compliance reports, or triaging vulnerability alerts.
345SKILL.mdUpdated Apr 4, 2026
cnoe-io/review-specific-pr
development
VerifiedTrustedCommunity
Perform a comprehensive code review of a specific GitHub Pull Request. Analyzes code changes, checks for bugs, security issues, test coverage, and coding standards compliance. Use when a user provides a PR URL or asks to review a specific pull request.
345SKILL.mdUpdated Apr 4, 2026