claude-skill-spec-audit

Audit skill SKILL.md files for compliance with the agentskills.io specification. Checks frontmatter fields (name, description, compatibility, metadata, argument-hint) and metadata sub-fields (author, scope, confirms). Use when adding new skills, reviewing skill quality, or ensuring all skills follow the spec. Triggers: "audit skills", "check skill spec", "skill compliance", "are my skills up to spec", "/claude-skill-spec-audit".

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "claude-skill-spec-audit" with this command: npx skills add jackchuka/skills/jackchuka-skills-claude-skill-spec-audit

Skill Spec Audit

Check installed skills against the agentskills.io specification and local conventions for metadata completeness.

Arguments

  • Skill names: tokens after the command -> filter to those skills only
  • --fix: automatically add missing fields (prompts for values)
  • Default: scan all non-symlinked skills in ~/.claude/skills/

Spec Requirements (agentskills.io)

FieldRequiredNotes
nameYes1-64 chars, lowercase, hyphens only, must match directory name
descriptionYes1-1024 chars, non-empty
compatibilityNoMax 500 chars, environment requirements
metadataNoArbitrary key-value map
allowed-toolsNoSpace-delimited tool list (experimental)

Naming Conventions

Skill names follow the pattern: [scope]-[platform/org]-[group]-[name]

Rules

  1. Lowercase, kebab-case, no consecutive hyphens, 2-4 words, max 40 chars
  2. Role-noun suffixes allowed (-writer, -scheduler, -namer)
  3. Standardized action synonyms: audit (compliance), scan (broad analysis), search (lookup), triage (classify+act)

Scope prefix (required)

Derived from metadata.scope:

ScopePrefixExample
personalp-p-slack-triage, p-daily-standup
organizationo-o-org-release-digest
generic(none)skill-spec-audit, gh-dep-pr-triage

Platform prefix (when single-platform dependent)

PlatformPrefixWhen to use
GitHubgh-Skill requires gh CLI or GitHub API
Gitgit-Skill requires git but not GitHub
Slackslack-Skill requires Slack MCP server
Google Workspacegws-Skill requires gws CLI

Multi-platform or general skills stay unprefixed. If a skill touches 2+ platforms, no platform prefix — the scope prefix alone is enough.

Group prefix (when 2+ skills share a domain)

GroupSkills in group
daily-standup, report, reflection
skill-dry-run, prereq-audit, spec-audit
blog-writer, post-mining
oss-release, release-prep
org-release-digest, incident-investigation, sync-skills-to-plugins

When creating a new skill, check for existing siblings. If a second skill appears in the same domain, retroactively add a shared prefix to both.

Local Conventions (beyond spec)

These are project-specific conventions enforced on top of the spec:

FieldExpectedValues
argument-hintIf skill accepts argsShort usage hint string
metadata.authorAlwaysMust be present (non-empty)
metadata.scopeAlwaysgeneric, personal, or organization
metadata.confirmsIf skill has side effectsList of operations requiring user confirmation

Workflow

Phase 1: Discover Skills

  1. Glob for ~/.claude/skills/*/SKILL.md
  2. Also check .claude/skills/*/SKILL.md (project-level)
  3. Skip symlinks — those point to .agents/skills/ and have their own conventions
  4. If user specified skill names, filter to matching directories
  5. Read each SKILL.md frontmatter

Phase 2: Validate Each Skill

For each SKILL.md, check:

Spec compliance:

  1. name exists, matches directory name, is lowercase with hyphens only, no consecutive hyphens, 1-64 chars
  2. description exists, is non-empty, 1-1024 chars
  3. compatibility exists (warn if missing — not required by spec but expected locally)

Naming conventions:

  1. Scope prefix matches metadata.scope: p- for personal, o- for organization, none for generic
  2. Platform prefix present if skill depends on a single platform (gh-, git-, slack-, gws-)
  3. No platform prefix if skill uses 2+ platforms
  4. Action synonym is standardized: audit not review/check, scan not inspect
  5. No single-word names (must have at least one hyphen)
  6. Max 40 chars, 2-4 words
  7. Abbreviations only from allowlist: pr, cli, oss, dep, mcp, gh, gws

Local conventions:

  1. metadata.author is present and non-empty
  2. metadata.scope is one of: generic, personal, organization
  3. metadata.confirms exists if the skill body references any of these patterns:
  • Slack: send_message, post message, post to Slack
  • Git: git commit, git push, create commit, push to remote
  • GitHub: merge, approve, create PR, create issue, create release, gh release
  • Calendar: create event, insert event
  • Files: save to, write to, create file
  • Install: brew install, install
  1. argument-hint exists if the skill body references arg parsing, ## Arguments, or accepts parameters

Phase 3: Report

Print a table:

## Skill Spec Audit

| Skill | name | naming | desc | compat | author | scope | confirms | arg-hint | Issues |
|-------|------|--------|------|--------|--------|-------|----------|----------|--------|
| gh-dep-pr-triage | ok | ok | ok | ok | ok | ok | ok | — | 0 |
| p-blog-writer | ok | ok | ok | ok | ok | ok | ok | ok | 0 |
| new-skill | ok | MISS:scope-prefix | ok | MISS | MISS | MISS | WARN | — | 4 |

Legend: ok = present and valid, MISS = missing, WARN = likely needed but missing, — = not applicable
Summary: N skills checked, M fully compliant, X issues found

Phase 4: Fix (if --fix or user asks)

For each issue, prompt the user for the value or infer it:

FieldInference strategy
compatibilityScan for CLI tools, MCP servers in body -> suggest "Requires X, Y"
metadata.authorInfer from existing skills or ask user
metadata.scopeAsk user: generic, personal, or organization?
metadata.confirmsExtract side-effect patterns from body, present list for confirmation
argument-hintExtract from ## Arguments section if present, otherwise ask

After fixing, use Edit to insert missing fields before the closing ---.

Re-run validation and show updated table.

Determining metadata.scope

ScopeCriteria
genericWorks for anyone, no personal/org-specific data
personalReferences your specific accounts, channels, search terms, voice
organizationReferences company repos, internal tools, team-specific workflows

Determining metadata.confirms

Only add confirms if the skill can perform irreversible or externally-visible operations. Read-only skills (scanning, searching, reporting) do NOT need confirms.

Common confirms patterns:

Operationconfirms entry
Post Slack messagesend Slack messages
Merge PRmerge PRs
Approve PRapprove PRs
Create GitHub issuecreate GitHub issues
Create GitHub releasecreate GitHub releases
Create calendar eventcreate calendar event
Git commitcreate git commit
Git pushpush to remote
Write filessave to filesystem
Install toolsinstall missing tools
Create PRcreate PR
Modify settingsmodify settings files

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

claude-permissions-audit

No summary provided by upstream source.

Repository SourceNeeds Review
6-jackchuka
Security

claude-skill-prereq-audit

No summary provided by upstream source.

Repository SourceNeeds Review
6-jackchuka
Security

dev-cli-consistency-audit

No summary provided by upstream source.

Repository SourceNeeds Review
4-jackchuka
General

restaurant-search

No summary provided by upstream source.

Repository SourceNeeds Review
14-jackchuka