cvscarlos/handover
skills/handover/SKILL.md
Generates a comprehensive handover document for another AI agent to seamlessly continue work on a task without prior context. Use when asked to "handover", "save state", "switch providers", "switch to claude/codex/opencode/cursor", or prepare a summary for the next AI session. Also use when moving work between directories of the same repository.
$ install --global
skillsauthnpx skillsauth add cvscarlos/ai-skills handoverInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 18, 2026, 2:37 AM150.4s1 file scanned
SKILL.md
- name:
- handover
- description:
- Generates a comprehensive handover document for another AI agent to seamlessly continue work on a task without prior context. Use when asked to "handover", "save state", "switch providers", "switch to claude/codex/opencode/cursor", or prepare a summary for the next AI session. Also use when moving work between directories of the same repository.
Agent Handover Protocol
Generate a structured handover file (tmp/HANDOVER.md) that captures enough context for any AI agent — regardless of provider or tool — to continue the current task from scratch.
Execution Steps
1. Commit Uncommitted Work
If there are uncommitted changes, commit them before creating the handover so nothing is lost:
git status --short
# If changes exist:
git add <relevant-files>
git commit -m "wip: save progress before handover"
2. Gather State
Run these commands and capture output:
# Branch and repo
git branch --show-current
git remote get-url origin
# Detect base branch: PR base → main → master
BASE=$(gh pr view --json baseRefName -q .baseRefName 2>/dev/null \
|| (git rev-parse --verify main 2>/dev/null && echo main) \
|| echo master)
# Recent commits on this branch (since diverging from base)
git log --oneline "$BASE"..HEAD
# Uncommitted changes (if any remain)
git status --short
git diff --stat
# PR context (if any)
gh pr view --json number,title,url,state,baseRefName,reviewDecision 2>/dev/null
3. Analyze Session Context
From the conversation history, identify:
- Objective: The feature, fix, or refactor in progress
- Completion estimate: How far along is the overall task (e.g., "~70% — auth done, authz remains")
- Done / In progress / Remaining: Distinguish finished tasks, partially-done tasks (with current state), and not-yet-started tasks
- What didn't work: Failed approaches and why they were abandoned
- Key decisions: Design choices and their rationale
- Gotchas: Non-obvious issues discovered during the session
- Blockers: Failing tests, unresolved errors, open questions
4. Generate Document
- Ensure
tmp/exists and is in.gitignore. - Fill in the template below with gathered context. Omit sections with no relevant content.
- Write to
tmp/HANDOVER.md.
5. Quality Checklist
Before writing the file, verify:
- [ ] All local changes are committed (or explicitly noted as uncommitted)
- [ ] In-progress tasks describe their current state, not just their name
- [ ] Key decisions include rationale, not just the choice
- [ ] Next steps are specific enough to start immediately
- [ ] Key files are listed in priority order
- [ ] No repo-discoverable info included (stack, build commands, setup instructions)
6. Output
Reply: "Handover saved to tmp/HANDOVER.md. To resume: cat tmp/HANDOVER.md"
Rules
- Be specific: Reference file paths, function names, error messages, and commit hashes.
- Be actionable: Next steps must be concrete enough to start immediately.
- Capture the "why": Decisions without rationale are useless to the next agent.
- Include failures: What didn't work is often more valuable than what did.
- Provider-agnostic: No tool-specific instructions in the output. It must work for any AI tool.
- Skip discoverable info: Don't include information the next agent can find from the repo itself (stack, frameworks, build/test/run commands, project setup). The agent has access to
AGENTS.md,README,Makefile,package.json, etc.
Bad Handover Examples
Too vague — useless to the next agent:
## Progress
- Did some stuff with the API
- Made progress on auth
## Next Steps
- Finish the feature
Missing context — leaves the next agent guessing:
## Progress
- [x] Implemented the auth module
## Next Steps
- Fix the tests
No explanation of WHICH tests are failing, WHY they fail, or what was already tried.
Template
# Handover
> **Date:** YYYY-MM-DD
> **Repository:** <remote-url>
> **Branch:** `<current-branch>`
> **PR:** <PR-url-or-"N/A">
> **Completion:** <estimated % and one-line summary of what's done vs remaining>
## Objective
<1-3 sentences: what feature, fix, or refactor is in progress and why>
## Progress
### Done
- [x] <completed task — include file paths, function names, commit hashes>
- [x] <completed task>
### In Progress
- [ ] <partially-done task — describe current state and what remains>
### Remaining
- [ ] <not-yet-started task>
## What Didn't Work
- <failed approach> → <why it was abandoned>
- <approach that hit a dead end> → <what went wrong>
## Key Decisions
| Decision | Rationale |
| ---------- | --------- |
| <decision> | <why> |
## Gotchas
- <non-obvious issue that would waste time if rediscovered>
- <important context the next agent needs>
## Test Status
- **Passing:** <yes/no/partial>
- **Failing:** <specific test failures or "none">
## Blockers
<failing tests, unresolved errors, open questions — or "None">
## Next Steps
1. <specific first action to take>
2. <subsequent action>
3. <subsequent action>
## Key Files to Read First
1. `<path/to/file>` — <why it's important>
2. `<path/to/file>` — <why it's important>
Related Skills
cvscarlos/pr-review
testing
VerifiedTrustedCommunity
Decide whether a GitHub PR can be approved, then optionally write and submit the approval comment when the user explicitly authorizes it. Use when the user says "review this PR", "review PR
1SKILL.mdUpdated Jun 5, 2026
cvscarlos/documentation
tools
VerifiedTrustedCommunity
Writes human-friendly Markdown documentation for non-developer audiences — Implementation, product, project, CS, support, QA, ops, business analysts. Explains how a feature works, how to set it up or configure it for a client, how it ties to business rules and the product roadmap — for technical readers who don't read code. Code blocks appear only when the reader will copy, paste, send, or recognize them (embed snippets, config values, sample payloads) — not to explain how the system is built. Use when asked to "document this for the implementation team", "write a guide for product / PM / CS", "explain how X works for non-devs", or for setup guides, runbooks, FAQs, hand-off docs aimed at internal non-dev teams. Also use when adding or editing a Markdown file inside the repo's `docs/` folder for a non-developer audience. Do NOT use for API reference, developer READMEs, code-level docs (JSDoc, docstrings), or framework / testing guides — those are different docs.
1SKILL.mdUpdated May 16, 2026
cvscarlos/npm-security-check
development
VerifiedTrustedCommunity
Run a Socket.dev supply-chain check before installing, updating, or executing any npm package. Triggers on `npm install/i/add/update/upgrade <pkg>`, `yarn add/upgrade/dlx`, `pnpm add/install/update/dlx`, `bun add/install`, `npx`, `pnpx`, `bunx`, or any phrase that adds/bumps a Node dependency ("let's use <pkg>", "install X", "bump <pkg>"), including direct `package.json` edits. Use this skill EVEN IF the user did not ask — npm typosquats, malware, and malicious postinstall scripts are common, and one extra check beats days of cleanup. Checks Socket score, malware verdicts, install scripts, capabilities, CVEs, and maintainer trust, then decides PROCEED, WARN, or ABORT.
1SKILL.mdUpdated May 1, 2026
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026