jwa91/jwa-harden
skills/jwa-harden/SKILL.md
Use the `jwa-harden` CLI for secret-safe command execution, env-template discovery, and signing/notarization preflight checks. Trigger when a command needs secrets, when `.env.template` or 1Password references are involved, or before signed release flows.
tools
Updated May 14, 2026
$ install --global
skillsauthnpx skillsauth add jwa91/agentskills jwa-hardenInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 14, 2026, 7:03 AM224.0s1 file scanned
SKILL.md
- name:
- jwa-harden
- description:
- Use the `jwa-harden` CLI for secret-safe command execution, env-template discovery, and signing/notarization preflight checks. Trigger when a command needs secrets, when `.env.template` or 1Password references are involved, or before signed release flows.
jwa-harden — Secret-Safe Command Runner
jwa-harden wraps commands with 1Password CLI environment resolution. It walks
up from the current directory to find the nearest .env.template, then execs:
op run --env-file=<found> -- <command>
Use it whenever a command needs secrets from op:// references. Do not load or
print real .env files.
Command Surface
jwa-harden run -- <command> [args...] # resolve env and run command
jwa-harden doctor # check op, signin, and .env.template discovery
jwa-harden doctor signing # check codesign/notary prerequisites
jwa-harden version # print build info
Release Usage
For GoReleaser-owned projects:
jwa-harden run -- goreleaser release --clean
For script-owned cask/formula projects:
jwa-harden run -- ./scripts/release.sh <version> <path/to/artifact>
Run jwa-harden doctor first. For signed macOS artifacts, also run
jwa-harden doctor signing.
Boundary
jwa-hardenowns env-template discovery and process execution throughop.- It does not read, validate, or store secrets itself.
- Publishing mechanics belong to
jwa-tobrewor the target repo's release backend. - Real
.envfiles must stay untracked;.env.templatecontains onlyop://references.
Related Skills
jwa91/release
data-ai
VerifiedTrustedCommunity
Release the current project to the personal Homebrew tap from repo-local release config. Use when the user says "release", "ship", "cut a version", "publish", "make a new tag", or asks how to make a new version available via jwa91/tap.
SKILL.mdUpdated May 14, 2026
jwa91/tap-scaffolding
documentation
VerifiedTrustedCommunity
Modify or extend the `jwa-tobrew` scaffolding system — the templates that `init` writes into target projects. Trigger when the user says "add a new scaffold kind", "change what init writes", "update the templates", or asks how the embedded templates are wired.
SKILL.mdUpdated May 13, 2026
jwa91/tap-alignment
development
VerifiedTrustedCommunity
Detect and fix drift between a project and the conventions encoded in `jwa-tobrew`, prek, and the tap ADRs. Trigger when the user says "align", "any drift", "verify conventions", or asks why a particular file/symlink/script is required.
SKILL.mdUpdated May 13, 2026
jwa91/stackpicker
tools
VerifiedTrustedCommunity
Advise on the stack for a new project. Given what the user wants to build, plus the user's principles and preferences, propose a language + tools as a short written proposal. Use when starting a new project or deciding what to build something in.
SKILL.mdUpdated May 13, 2026