Supply chain provenance verification using SLSA attestations. Verifies that build artifacts (npm packages, Docker images, release binaries) have valid SLSA provenance attestations chaining to a trusted CI environment. Flags unsigned or tampered artifacts as CI failures. Integrates with gh CLI attestation and slsa-verifier. Env vars: SLSA_MIN_LEVEL. (qa-agentic-team)
This listing is imported from SkillsMP metadata and should be treated as untrusted until upstream source review is completed.
Install skill "qa-slsa" with this command: npx skills add vslvslv/skillsmp-vslvslv-vslvslv-qa-slsa
This source entry does not include full markdown content beyond metadata.
This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
Related by shared tags or category signals.
Natural-language code property assertions via LLM judge. Reads *.intent.yaml files from the project defining plain-English properties that code must satisfy ('This function must never return a negative balance'), then evaluates each assertion against the target code using an LLM judge. Novel assertion paradigm that catches semantic intent violations that unit tests miss. Env vars: INTENT_STRICT, INTENT_DIR. (qa-agentic-team)
Automated accessibility audit skill. Three-phase pipeline: (1) axe-core rule-based scan via @axe-core/playwright (covers ~35% WCAG 2.1 AA issues), (2) Claude semantic layer grouping violations by WCAG POUR principle with user impact and code-level fix suggestions, (3) AI-generated alt text for images lacking descriptions. Produces a structured report with WCAG SC references, severity, and fix confidence. Use when asked to "qa accessibility", "a11y audit", "WCAG check", "axe scan", or included automatically by /qa-team for web apps. (qa-agentic-team)
CI build intelligence from OTel traces. Analyzes build trace data emitted by Honeycomb buildevents or an OTLP backend to identify the slowest test stages, flappy infrastructure steps, parallelism opportunities, and recurring failure patterns across recent runs. Produces an actionable CI optimization report. Env vars: BUILDEVENTS_APIKEY, CI_TRACE_LOOKBACK, HONEYCOMB_DATASET. (qa-agentic-team)
AI API cost tracking and budget gate. Reads token usage metadata from CTRF output files produced by qa-* skills, computes estimated cost per skill using current Claude model pricing, and can block CI if the total run cost exceeds a configured budget. Provides financial observability alongside functional QA observability. Env vars: QA_COST_BUDGET, QA_COST_MODEL. (qa-agentic-team)