skill-signing-verifier

Scaffold for verifying skill package signatures and provenance (planned). Use when designing supply-chain checks. NOT for live signing or key management.

skill-signing-verifier94 wordsMITv0.1.0Repo-owned

skill-signing-verifier

Scaffold for verifying skill package signatures and provenance (planned). Use when designing supply-chain checks. NOT for live signing or key management.

Quick Start

Install:

npx skills add github:wyattowalsh/agents --skill skill-signing-verifier -y -g --agent antigravity --agent claude-code --agent codex --agent crush --agent cursor --agent gemini-cli --agent github-copilot --agent grok --agent opencode

Use: /skill-signing-verifier

Works with Claude Code, Gemini CLI, OpenCode, and other agentskills.io-compatible agents.

Later-tier scaffold for skill package signature verification.

  1. Never commit or print private signing keys.
  2. Route live signing to maintainer-controlled release tooling when implemented.
  3. Pair with security-scanner for executable-surface review until signing ships.
FieldValue
Source Typerepo-owned
Display Sourcegithub:wyattowalsh/agents
Source Kindrepo
Installabilityportable command
Review Statereviewed
Target Agentsantigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode
View Full SKILL.md
---
name: skill-signing-verifier
description: >-
Scaffold for verifying skill package signatures and provenance (planned).
Use when designing supply-chain checks. NOT for live signing or key management.
user-invocable: false
license: MIT
metadata:
author: wyattowalsh
version: "0.1.0"
internal: true
---
# Skill Signing Verifier
Later-tier scaffold for skill package signature verification.
**Scope:** Design placeholder only. Does not sign packages or manage private keys.
## Planned Workflow
1. Load packaged skill ZIP output from the repo packaging dry-run.
2. Verify signature manifest against maintainer trust store (TBD).
3. Report pass/fail without mutating installed harness skills.
## Validation Contract
```bash
uv run python skills/skill-signing-verifier/scripts/check.py
```
## Critical Rules
1. Never commit or print private signing keys.
2. Route live signing to maintainer-controlled release tooling when implemented.
3. Pair with security-scanner for executable-surface review until signing ships.

Download from GitHub


View source on GitHub