codeaholicguy/verify
skills/verify/SKILL.md
AI DevKit · Enforce evidence-based completion claims — require fresh command output before reporting success. Use when completing any task, fixing a bug, finishing a phase, running tests, building, deploying, or making any "it works" claim.
$ install --global
skillsauthnpx skillsauth add codeaholicguy/ai-devkit verifyInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 16, 2026, 3:18 AM278.5s2 files scanned
SKILL.md
- name:
- verify
- description:
- AI DevKit · Enforce evidence-based completion claims — require fresh command output before reporting success. Use when completing any task, fixing a bug, finishing a phase, running tests, building, deploying, or making any "it works" claim.
Verify
Prove it works before saying it works.
Hard Rules
- Do not claim completion without fresh terminal evidence from this session.
- Forbidden words in completion claims: "should", "probably", "seems to", "likely", "I believe", "I think it works". These signal unverified assertions.
- Cached, remembered, or previous-session output is not evidence. Run it again.
Gate Function
Every completion claim must pass all 5 steps in order:
- Identify — What command proves this claim? If multiple commands are needed, run the gate once per command.
- Run — Execute the full command now. No partial runs, no skipping.
- Read — Read complete output. Check exit code. Count pass/fail.
- Confirm — Does the output prove the exact claim?
- Report — State the result, cite command, exit code, and key output.
If any step fails, stop. Fix the issue and restart from step 1.
If no verification command exists (e.g., no test suite), tell the user and ask them how to verify before claiming done.
Verification Patterns
| Claim | Required Evidence | Not Sufficient | |---|---|---| | Tests pass | Test output: 0 failures, exit 0 | Previous run, "should pass now" | | Build succeeds | Build output: exit 0 | Linter passing, partial build | | Bug is fixed | Reproduce symptom → now passes | "Changed code, should be fixed" | | Linter clean | Linter output: 0 errors | Single file check | | Phase complete | Each criterion verified individually | "Tests pass, so done" | | Feature works | E2E test or manual walkthrough | Unit tests alone |
Regression Verification
For bug fixes, a single pass is not enough:
- Write a test covering the bug.
- Run → must pass (fix in place).
- Revert the fix.
- Run → must fail (proves test catches the bug).
- Restore the fix.
- Run → must pass.
If step 4 passes, the test is wrong. Rewrite it.
Red Flags and Rationalizations
| Rationalization | Why It's Wrong | Do Instead | |---|---|---| | "This change is trivial" | Trivial changes break things constantly | Run the check | | "I ran it earlier" | Code changed since then | Run it again now | | "The test is flaky" | Flaky ≠ ignorable | Fix the flake first | | "It compiles, so it works" | Compilation ≠ correctness | Run the tests | | "The CI will catch it" | CI is a safety net, not a substitute | Verify locally first | | "The agent said it's done" | Agent claims need verification too | Check diff and run tests |
Memory Integration
After a failed verification, store the failure pattern: npx ai-devkit@latest memory store --title "<failure pattern>" --content "<what failed and how to avoid>" --tags "verify,failure-pattern"
Related Skills
codeaholicguy/dev-lifecycle
development
VerifiedTrustedCommunity
AI DevKit · Structured SDLC workflow with 8 phases — requirements, design review, planning, implementation, testing, and code review. Use when the user wants to build a feature end-to-end, or run any individual phase (new requirement, review requirements, review design, execute plan, update planning, check implementation, write tests, code review).
1,226SKILL.mdUpdated Apr 4, 2026
codeaholicguy/structured-debug
development
VerifiedTrustedCommunity
AI DevKit · Guide structured debugging before code changes by clarifying expected behavior, reproducing issues, identifying likely root causes, and agreeing on a fix plan with validation steps. Use when users ask to debug bugs, investigate regressions, triage incidents, diagnose failing behavior, handle failing tests, analyze production incidents, investigate error spikes, or run root cause analysis (RCA).
1,190SKILL.mdUpdated May 16, 2026
codeaholicguy/security-review
development
VerifiedTrustedCommunity
AI DevKit · Review code, skills, and prompts for security vulnerabilities — OWASP Top 10, prompt injection, business logic flaws, and insecure defaults. Use when reviewing PRs, auditing modules, reviewing AI skills/prompts, or preparing for release.
1,190SKILL.mdUpdated May 16, 2026
codeaholicguy/document-code
development
VerifiedTrustedCommunity
AI DevKit · Document a code entry point with structured analysis, dependency mapping, and saved knowledge docs. Use when users ask to document, understand, or map code for a module, file, folder, function, or API.
1,190SKILL.mdUpdated May 16, 2026