mosesgameli/open-source-compliance
.agents/skills/open-source-compliance/SKILL.md
Consolidates the standards for professional, gold-standard open-source development.
$ install --global
skillsauthnpx skillsauth add mosesgameli/ztvs open-source-complianceInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 10:44 PM44.0s1 file scanned
SKILL.md
- name:
- open-source-compliance
- description:
- Consolidates the standards for professional, gold-standard open-source development.
Professional Open Source Compliance Skill
This skill provides the AGENT with a comprehensive model of high-quality open-source software implementation.
Guiding Principles
- Zero-Ambiguity: The codebase must be self-documenting and legally clear (LICENSE headers everywhere).
- Quality Gates: Manual testing is insufficient; 95%+ automated coverage and security scanning are mandatory.
- Enterprise-Ready: The project should follow established patterns (Go internal/pkg, Conventional Commits).
Key Standards (GOLD STATUS)
1. Licensing
- Requirement: ALL source files MUST include the Apache License 2.0 preamble.
- Verification: Use the
/licenseworkflow.
2. Testing & Quality
- Requirement: ≥95% unit test coverage for core logic (Internal/Pkg).
- Requirement: No vulnerabilities detected in dependencies or static analysis.
- Verification: Use the
/testand/scanworkflows.
3. Documentation
- Requirement: Every exported symbol MUST be documented following Go conventions.
- Requirement: ADRs (RFCs) should be maintained for all major architecture decisions.
4. Commits & Workflows
- Requirement: Use Conventional Commits.
- Requirement: All PRs should be linked to an issue and verified via the
/prworkflow.
Usage in Pair Programming
When solving coding tasks, the agent should proactively:
- Verify license headers on new files.
- Suggest unit test improvements to reach the 95% target.
- Ensure public APIs are properly documented.
Related Skills
mosesgameli/pr-flow
tools
VerifiedTrustedCommunity
Create, view, and manage Pull Requests on GitHub.
4SKILL.mdUpdated Apr 16, 2026
mosesgameli/plugin-dev
tools
VerifiedTrustedCommunity
A skill for developing and integrating new vulnerability scanning plugins for the Zero Trust Vulnerability Scanner (ZTVS).
4SKILL.mdUpdated Apr 16, 2026
mosesgameli/git-flow
tools
VerifiedTrustedCommunity
A structured methodology for managing version control, remotes, and pull requests within the ZTVS repository.
4SKILL.mdUpdated Apr 16, 2026
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026