Use when designing or auditing repo conventions: `.conventions.yaml` descriptor, agent contract files (CLAUDE.md / AGENTS.md), docs taxonomy, verification gates, repo-local skill placement, `.work/` layout, `.wiki/` rules. Pick an archetype (whole-repo shape: epic-wrapper for multi-repo products, brain for personal/knowledge-base repos) and stack recipes (core-beliefs, docs-taxonomy, agent-knowledge, work, wiki, project-skill-placement, verify-script). Stack-agnostic. Skip for one-off product naming or domain architecture questions where no convention surface is being changed.
This listing is imported from SkillsMP metadata and should be treated as untrusted until upstream source review is completed.
Install skill "convention-engineering" with this command: npx skills add gh-xj/skillsmp-gh-xj-gh-xj-convention-engineering
This source entry does not include full markdown content beyond metadata.
This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
Related by shared tags or category signals.
Use when designing, bootstrapping, auditing, repairing, or evolving a Slock-agent-to-epic-repo protocol: Slock agents mapped by slock_agent_registry to concrete leaf repos, generated pointer-only MEMORY.md files, generated repo symlinks, per-leaf tracked .work stores, repo-local skill mirrors, and cross-repo handoffs. Do not use for ordinary Slock chat/task commands or generic repo conventions without Slock agent mapping.
Audit AI agent skills for security vulnerabilities. Use when scanning installed skills against the OWASP Agentic Skills Top 10, checking skills before runnin...
AI runtime security monitoring — context graph analysis, runtime audit log correlation with CVE findings, and vulnerability analytics queries. Use when the u...
Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust for package CVEs (OSV, NVD, EPSS, KEV), container...