verification-before-completion
v2.56.0Enforces fresh verification evidence before any completion claim. Use when about to claim "tests pass", "bug fixed", "done", "ready to merge", or handing off...
⭐ 0· 132·0 current·0 all-time
byIlia Alshanetsky@iliaal
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description match the SKILL.md instructions. The skill is instruction-only and asks the agent to run verification commands (git status, test/build/lint/security checks), read outputs, and verify diffs — all appropriate for a verification-enforcement tool.
Instruction Scope
Instructions require running local repo commands and reading working-tree state and command output (e.g., git, test runners, build). This is within the stated purpose, but the SKILL.md's insistence on executing commands 'in this message, with output shown' means an agent will run shell commands and include their stdout/stderr in conversation, which can expose sensitive data if tests or builds print secrets or access environment variables. The instructions do not request unrelated files, environment variables, or external endpoints.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. Runtime instructions reference standard repo commands only and do not request unrelated secrets.
Persistence & Privilege
always is false and the skill is user-invocable. There is no request for permanent presence, nor any instruction to modify other skills or global agent configuration.
Assessment
This skill is coherent for teams that want an automated 'run the checks now and show me the output' guardrail. Before installing, consider: 1) it will direct agents to run repo commands and include command output in messages — ensure tests/builds don't print secrets or credentials; 2) run it with agents that have only the repository-level access they need (avoid enabling it in agents with broad system or production access); 3) be cautious in repositories where test commands have side effects (DB writes, network calls) — prefer sandboxed or CI-like environments; 4) if you need stronger limits, require explicit human approval before the agent executes destructive or networked verification steps. Overall the skill appears to do what it says.Like a lobster shell, security has layers — review code before you run it.
latestvk97b4598h67z235aja1x41bqdx84t1a3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.