skill-signing-verifier
Scaffold for verifying skill package signatures and provenance (planned). Use when designing supply-chain checks. NOT for live signing or key management.
skill-signing-verifier94 wordsMITv0.1.0Repo-owned
skill-signing-verifier
Scaffold for verifying skill package signatures and provenance (planned). Use when designing supply-chain checks. NOT for live signing or key management.
Quick Start
Install:
npx skills add github:wyattowalsh/agents --skill skill-signing-verifier -y -g --agent antigravity --agent claude-code --agent codex --agent crush --agent cursor --agent gemini-cli --agent github-copilot --agent grok --agent opencodeUse: /skill-signing-verifier
Works with Claude Code, Gemini CLI, OpenCode, and other agentskills.io-compatible agents.
What It Does
Section titled “What It Does”Later-tier scaffold for skill package signature verification.
Critical Rules
Section titled “Critical Rules”- Never commit or print private signing keys.
- Route live signing to maintainer-controlled release tooling when implemented.
- Pair with security-scanner for executable-surface review until signing ships.
| Field | Value |
|---|---|
| Source Type | repo-owned |
| Display Source | github:wyattowalsh/agents |
| Source Kind | repo |
| Installability | portable command |
| Review State | reviewed |
| Target Agents | antigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode |
| Field | Value |
|---|---|
| Name | skill-signing-verifier |
| License | MIT |
| Version | 0.1.0 |
| Author | wyattowalsh |
| Field | Value |
|---|---|
| User Invocable | No |
View Full SKILL.md
---name: skill-signing-verifierdescription: >- Scaffold for verifying skill package signatures and provenance (planned). Use when designing supply-chain checks. NOT for live signing or key management.user-invocable: falselicense: MITmetadata: author: wyattowalsh version: "0.1.0" internal: true---
# Skill Signing Verifier
Later-tier scaffold for skill package signature verification.
**Scope:** Design placeholder only. Does not sign packages or manage private keys.
## Planned Workflow
1. Load packaged skill ZIP output from the repo packaging dry-run.2. Verify signature manifest against maintainer trust store (TBD).3. Report pass/fail without mutating installed harness skills.
## Validation Contract
```bashuv run python skills/skill-signing-verifier/scripts/check.py```
## Critical Rules
1. Never commit or print private signing keys.2. Route live signing to maintainer-controlled release tooling when implemented.3. Pair with security-scanner for executable-surface review until signing ships.Resources
Section titled “Resources”Skill CatalogBrowse custom and external skills.
CLI ReferenceInstall and manage skills.
agentskills.ioThe open ecosystem for cross-agent skills.
