oornnery/skills/verification
skills/verification/SKILL.md
--- name: verification description: Discover and run project validation gates: format, lint, typecheck, LSP diagnostics, tests, build, static security checks, dependency audits, and RTK output handling. Use before claiming work is complete, when fixing broken checks, or when setting up a validation plan. --- # Verification Use this skill to prove changes with the strongest practical checks the repo already supports. ## Discovery Order 1. Read task aliases: `package.json`, `pyproject.toml`, `
development
Updated Jun 4, 2026
$ install --global
skillsauthnpx skillsauth add oornnery/.agents skills/verificationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 4, 2026, 7:38 AM152.1s1 file scanned
SKILL.md
- name:
- verification
- description:
- Discover and run project validation gates: format, lint, typecheck, LSP diagnostics, tests, build, static security checks, dependency audits, and RTK output handling. Use before claiming work is complete, when fixing broken checks, or when setting up a validation plan.
Verification
Use this skill to prove changes with the strongest practical checks the repo already supports.
Discovery Order
- Read task aliases:
package.json,pyproject.toml,justfile,Taskfile.yml,Makefile, CI workflows. - Prefer repo-defined aggregate commands such as
task check,pnpm check,make test, or CI-equivalent scripts. - If no aggregate exists, run the narrowest direct command that proves the changed surface.
- Broaden by blast radius: format -> lint -> type/LSP -> tests -> build -> security.
Do not install new validation tools just because they are listed here.
Python Gates
Use configured tools only:
uv run ruff format --check .
uv run ruff check .
uv run ty check src
uv run pyright
uv run pytest -v
uv run task sec
uv run bandit -r src
uv run pip-audit
Prefer uv run task check or another repo alias when it maps to the same gates.
TS/JS Gates
Use the repo package manager:
pnpm lint
pnpm typecheck
pnpm test
pnpm build
pnpm exec playwright test
pnpm audit --prod
Use npm, yarn, or bun only when their lockfile owns the repo.
LSP and Static Diagnostics
Use LSP diagnostics when the environment exposes them. Treat them as another signal, not a replacement for command-line checks.
Record:
- which files were checked
- diagnostic source
- severity
- whether the issue is pre-existing or introduced
Security Checks
Run static security checks when code touches auth, permissions, secrets, file handling, templates, webhooks, subprocesses, external URLs, SQL, deserialization, dependency changes, or production config.
Security checks may include:
- repo security task such as
task sec - Bandit, pip-audit, Semgrep, npm/pnpm audit, cargo audit
- manual review using
skills/security/SKILL.md
Do not hide findings inside generic "lint passed" wording. Triage them separately.
RTK
Use RTK for noisy output when available:
rtk <command>
rtk proxy <command>
rtk gain
Use raw commands when full unfiltered output is needed for diagnosis.
Result Format
Report checks as facts:
Command: ...
Result: PASS | FAIL | SKIPPED
Reason: ...
Risk: ...
Never say validation passed if a required check was skipped, unavailable, or failed.
Related Skills
oornnery/uv-script
tools
VerifiedTrustedCommunity
Build, review, or validate standalone Python scripts run with uv inline metadata. Use for one-file automation, operational scripts, script dependencies, shebangs, idempotency, safety, representative runs, and promoting scripts to packages.
SKILL.mdUpdated Jun 4, 2026
oornnery/python-library
development
VerifiedTrustedCommunity
Build, review, or validate Python packages and libraries where public API stability, packaging metadata, imports, examples, changelogs, build output, and compatibility matter.
SKILL.mdUpdated Jun 4, 2026
oornnery/python-cli
tools
VerifiedTrustedCommunity
Build, review, or validate Python command-line applications and terminal tools. Use for argparse, Typer, Rich, Textual-adjacent CLI UX, stdout/stderr contracts, exit codes, automation-friendly flags, help output, and CLI tests.
SKILL.mdUpdated Jun 4, 2026
oornnery/project-state
testing
VerifiedTrustedCommunity
Manage lightweight project state files such as SPEC.md, DESIGN.md, TODO.md, .spec/, and .mem/. Use when starting multi-step work, planning features, recording decisions, updating next steps, preserving cross-session context, or preparing handoff notes.
SKILL.mdUpdated Jun 4, 2026