open-agreements/recipe-quality-audit
skills/recipe-quality-audit/SKILL.md
Audit NVCA recipe quality: check file inventory, metadata schema, field-to-replacement coverage, ambiguous keys, smart quotes, test fixtures, and fill quality. Produces a structured scorecard per recipe with maturity tier classification. Use when user says "audit recipe quality," "check recipe coverage," "recipe scorecard," or "NVCA recipe quality."
$ install --global
skillsauthnpx skillsauth add open-agreements/open-agreements recipe-quality-auditInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 12, 2026, 7:29 AM173.3s1 file scanned
SKILL.md
- name:
- recipe-quality-audit
- description:
- >-
- Audit NVCA recipe quality:
- check file inventory, metadata schema, field-to-replacement
- license:
- Apache-2.0
- compatibility:
- >-
- author:
- open-agreements
- version:
- 0.1.0
- catalog_group:
- Developer Workflows
- catalog_order:
- 10
recipe-quality-audit
Audit a single NVCA recipe's quality and produce a structured scorecard.
Security model
- This skill operates on local repository files only — no network access required.
- Source document downloads (Tier 2 checks) use
ensureSourceDocx()which fetches from known template source URLs only. - No credentials or API keys are needed.
Usage
Run the audit for a specific recipe:
Audit the recipe: nvca-certificate-of-incorporation
Or audit all recipes:
Audit all NVCA recipes and update the quality tracker
Checks
Tier 1: Structural (no source download needed)
| # | Check | How |
|---|-------|-----|
| S1 | File inventory | Does recipe have metadata.yaml, replacements.json, clean.json? Optional: computed.json, normalize.json, selections.json |
| S2 | Metadata schema valid | Run existing validateRecipeMetadata() from src/core/metadata.ts |
| S3 | Field-to-replacement coverage | For each field in metadata, is there a replacement key referencing {field_name}? |
| S4 | Ambiguous keys | Flag replacement keys < 8 chars without context qualifier (e.g., [name], [its]) |
| S5 | Smart quote coverage | Keys with apostrophes should have smart-quote variants (or patcher normalizes — check patcher has normalizeQuotes) |
| S6 | Source SHA present | source_sha256 in metadata.yaml |
| S7 | Test fixture exists | integration-tests/fixtures/{recipe-id}-*.json exists |
Tier 2: Behavioral (requires source download)
| # | Check | How |
|---|-------|-----|
| B1 | Source download + scan | Count all \[[_A-Z] prefixed bracket patterns in source (underscore-fill or capitalized placeholders) |
| B2 | Replacement coverage ratio | (keys with match in source) / (total bracket patterns). Target: >80% |
| B3 | Unmatched underscore patterns | [___+] patterns in source not in replacements.json |
| B4 | Clean effectiveness | After clean, no footnotes, no "Note to Drafter", no preamble |
Tier 3: Fill quality (requires fill run)
| # | Check | How | |---|-------|-----| | F1 | Default-only fill | Fill with defaults, run verifyOutput, count blank placeholders | | F2 | Full-values fill | Fill with all fields from test fixture, assert all verify checks pass | | F3 | Formatting anomaly count | Check 8 from verifier (single-char underlined runs) | | F4 | Zero-match replacement keys | Keys that existed in replacements.json but matched nothing in the source |
Output: Quality Scorecard
{
"recipe_id": "nvca-voting-agreement",
"maturity": "beta",
"scores": { "structural": "6/7", "behavioral": "3/4", "fill": "0/4", "total": "9/15" },
"checks": [
{ "id": "S1", "name": "File inventory", "passed": true, "details": "metadata.yaml, replacements.json, clean.json present" },
{ "id": "S7", "name": "Test fixture exists", "passed": false, "details": "No fixture matching integration-tests/fixtures/nvca-voting-agreement-*.json" }
],
"field_coverage": { "metadata_fields": 14, "replacement_refs": 10, "uncovered": 4 },
"recommendations": [
"Add test fixture for fill testing (S7)",
"Add replacement keys for 4 uncovered fields (S3)"
]
}
Maturity Tiers
- scaffold: metadata-only, can't fill
- beta: has replacements + clean, score < 11/15 OR no test fixture
- production: score >= 11/15 AND has test fixture AND has computed.json (if conditional sections exist in source)
Workflow
When running the audit:
- Read
content/recipes/QUALITY_TRACKER.mdfor current state - Run Tier 1 checks (always possible)
- Run Tier 2 checks if source document is available (use
ensureSourceDocx()) - Run Tier 3 checks if a test fixture exists
- Compute scorecard and maturity tier
- Output the scorecard as JSON
- Update the quality tracker if requested
Implementation Notes
- Use
validateRecipeMetadata()fromsrc/core/metadata.tsfor S2 - Use
ensureSourceDocx()fromsrc/core/recipe/downloader.tsfor B1-B4 - Use
runRecipe()fromsrc/core/recipe/index.tsfor F1-F4 - Bracket pattern detection uses
\[[_A-Z]prefix to avoid counting citations and legal references - Zero-match keys come from
PatchResult.zeroMatchKeysreturned by the patcher - Cross-reference zero-match keys with
cleanConfig.removeRangesandcleanConfig.removeParagraphPatternsto suppress expected zero-matches
Related Skills
open-agreements/data-privacy-law-explainer
testing
VerifiedTrustedCommunity
Explain U.S. state-by-state consumer data-privacy law (CCPA/CPRA, TDPSA, VCDPA, CPA, and the other comprehensive state acts) — who a law covers, applicability thresholds, privacy-policy requirements, consumer rights and opt-outs, private rights of action, and who enforces. Reads a bundled, source-cited snapshot per state. Use when the user says "CCPA," "CPRA," "state privacy law," "privacy policy," "data subject request," "consumer rights request," "opt-out of sale," "data broker," "sensitive data," asks "do I need to comply with <state>'s privacy law," or names a U.S. state together with privacy.
35SKILL.mdUpdated Jun 11, 2026
open-agreements/non-compete-contract-explainer
development
VerifiedTrustedCommunity
Explain U.S. state-by-state (and select international) non-compete and restrictive-covenant law — whether a non-compete is enforceable, blue-pencil reformation, tolling, choice of law, independent-contractor reach, and recent bans. Reads a bundled, source-cited snapshot per jurisdiction. Use when the user says "non-compete," "noncompete contract," "restrictive covenant," "non-solicit," "garden leave," "covenant not to compete," "employment agreement," asks "is my non-compete enforceable," or names a U.S. state.
35SKILL.mdUpdated Jun 9, 2026
open-agreements/canonical-markdown-authoring
development
VerifiedTrustedCommunity
Convert plain markdown contract drafts into OpenAgreements' canonical template.md authoring format — YAML frontmatter, Kind|Label|Value|Show When cover-term tables, oa:clause directives, [[Defined Term]] paragraphs, and oa:signer directives that compile to validated JSON specs and DOCX artifacts. Use when the user says "convert this to canonical markdown," "author a new OpenAgreements template," "migrate template to template.md," or "write a canonical-form contract."
35SKILL.mdUpdated May 4, 2026
open-agreements/venture-financing
testing
VerifiedTrustedCommunity
Draft and fill NVCA model documents — stock purchase agreement, certificate of incorporation, investors rights agreement, voting agreement, ROFR, co-sale, indemnification, management rights letter. Series A and venture financing templates. Produces signable DOCX files. Use when user says "Series A documents," "NVCA," "stock purchase agreement," "investors rights agreement," "voting agreement," or "venture financing docs."
35SKILL.mdUpdated Apr 27, 2026