grtninja/skill-auditor
skill-candidates/skill-auditor/SKILL.md
Audit skill candidates and classify each changed skill as unique or upgrade with severity findings. Use when creating/updating skills, preparing admission evidence, or producing audit JSON for skill-game scoring.
$ install --global
skillsauthnpx skillsauth add grtninja/skill-arbiter skill-auditorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 8:28 PM53.3s4 files scanned
SKILL.md
- name:
- skill-auditor
- description:
- Audit skill candidates and classify each changed skill as unique or upgrade with severity findings. Use when creating/updating skills, preparing admission evidence, or producing audit JSON for skill-game scoring.
Skill Auditor
Use this skill to classify and gate new or updated skills.
Workflow
- Select changed skills (
--include-skill) or scan the full candidate set. - Run the skill audit script to classify each skill as
uniqueorupgrade. - Validate core quality checks:
- frontmatter completeness (
name,description), agents/openai.yamlpresence,- size/readability guardrails,
- required arbiter evidence when enabled,
- meta-harness drift such as legacy
Documents\GitHubroots or:1234treated as an authority surface.
- frontmatter completeness (
- Review findings by severity (
high,medium,low) and fix failures. - Re-run until
high_count=0for admission-ready output.
Commands
Audit selected skills:
python3 scripts/skill_audit.py \
--skills-root skill-candidates \
--include-skill <skill-name> \
--json-out /tmp/skill-audit.json
Audit with arbiter evidence required:
python3 scripts/skill_audit.py \
--skills-root skill-candidates \
--include-skill <skill-name> \
--arbiter-report /tmp/skill-arbiter-evidence.json \
--require-arbiter-evidence \
--json-out /tmp/skill-audit.json
Classification Rules
unique: no strong near-peer overlap detected in current skill set.upgrade: near-peer overlap indicates refinement/extension of an existing lane.highfindings block completion.mediumfindings should be addressed before admission when possible.- Meta-harness-sensitive skills should also encode the canonical
G:\GitHubroot contract, authoritative:9000/:2337model lanes, and PC Control-first evidence rules where applicable.
Scope Boundary
Use this skill only for skill-audit classification and findings generation.
Do not use this skill for runtime skill arbitration; use $skill-arbiter-lockdown-admission.
References
references/audit-rubric.mdscripts/skill_audit.py
Loopback
If findings remain unresolved:
- Capture failing checks and evidence paths.
- Route through
$skill-hubfor chain recalculation. - Resume only after an updated chain assigns deterministic fixes.
Related Skills
grtninja/white-hat
tools
VerifiedTrustedCommunity
Run a defender-first security sweep on code, configs, prompts, model/tooling surfaces, or third-party contribution lanes. Use when a request involves safe bug, leak, zero-day-class, exploit, or hack hunting for protection, when contributing to outside repositories and you want a focused security pass, or when touching auth, secrets, permissions, network exposure, prompt/tool boundaries, data flow, or update/build surfaces. This skill is defensive only and must never be used for weaponization or unauthorized access.
2SKILL.mdUpdated Apr 22, 2026
grtninja/vrm-sandbox-startup-acceptance
development
VerifiedTrustedCommunity
Validate and repair VRM Sandbox startup acceptance with shim-first local model authority, frontend/backend bring-up, and avatar-runtime launch proof. Use when launch behavior, chat handoff, voice fallback, or runtime bridge acceptance must be verified end to end.
2SKILL.mdUpdated Apr 22, 2026
grtninja/voice-catalog-runtime-alignment
documentation
VerifiedTrustedCommunity
Align documented voice-command catalogs, endpoint action allowances, and live runtime handlers so operator-visible voice surfaces match what the stack can actually execute. Use when voice command docs, parser matrices, endpoint permissions, or runtime action routing drift apart.
2SKILL.mdUpdated Apr 22, 2026
grtninja/skillhub-trend-radar
development
VerifiedTrustedCommunity
Track SkillHub trend and topic drift, maintain a bounded rewrite watchlist, and surface emerging gaps worth turning into repo-owned skills. Use when the marketplace query set shows new families or when the current shortlist has gone stale.
2SKILL.mdUpdated Apr 22, 2026