Use this checklist when preparing a skill for review, publication, or internal deployment.
Before Scanning
- The skill has a narrow, concrete purpose.
- SKILL.md describes when the skill should activate.
- Tool, shell, network, file, environment, and MCP capabilities are declared when used.
- Scripts and references are necessary for the stated use case.
- Test fixtures, examples, and generated files are either intentionally included or excluded.
Scanning
- Run SkillSpector against the complete skill directory.
- Save a Markdown or SARIF report for review.
- Resolve critical and high findings before release.
- Review medium findings for policy or usability impact.
- Confirm the skill description matches executable behavior.
Skill Card
- Description is one sentence and names the actual behavior.
- Owner is a person or accountable team.
- License or terms are linked.
- Use case names intended users and workflows.
- Deployment geography is explicit.
- Known risks have specific mitigations.
- Output type and format are clear.
- Version or signing identifier matches the release.
Signing
- Sign the exact directory that passed review.
- Publish skill.oms.sig at the top level of the skill directory.
- Publish or reference the expected certificate chain.
- Verify the published artifact before announcing availability.
Release Packet
The release packet should include:
- Skill source or release artifact
- Skill card (skill-card.md)
- SkillSpector report or CI link
- Tier-3 evaluation dataset (accepted at evals/evals.json, evals/*.json, eval/*.json, or benchmark/evals.json)
- BENCHMARK.md capturing the benchmark report from the evaluation run
- Detached OMS signature (skill.oms.sig)
- Verification instructions
- Known limitations and support contact
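
A pre-signing check for the Signing and Release Packet items above, as an added example that is not part of SkillSpector or the OMS tooling: it reports which packet files are absent and computes a digest of the directory so the tree being signed can be compared with the tree that passed review. The function names, the single-directory layout, and the digest scheme are assumptions of this example; the digest is a local comparison aid, not the OMS signature format.

```python
import hashlib
import tempfile
from pathlib import Path

# File names and eval locations come from the checklist; SKILL.md stands in
# for "skill source". Treating the packet as one directory is an assumption.
REQUIRED = ["SKILL.md", "skill-card.md", "BENCHMARK.md", "skill.oms.sig"]
EVAL_GLOBS = ["evals/*.json", "eval/*.json", "benchmark/evals.json"]
SIGNATURE = "skill.oms.sig"


def missing_items(skill_dir):
    """Return the checklist items that are absent from skill_dir."""
    root = Path(skill_dir)
    missing = [name for name in REQUIRED if not (root / name).is_file()]
    if not any(p.is_file() for g in EVAL_GLOBS for p in root.glob(g)):
        missing.append("evaluation dataset")
    return missing


def tree_digest(skill_dir):
    """SHA-256 over relative paths and contents, skipping the detached signature."""
    root = Path(skill_dir)
    files = sorted((p.relative_to(root).as_posix(), p)
                   for p in root.rglob("*") if p.is_file())
    h = hashlib.sha256()
    for rel, path in files:
        if rel == SIGNATURE:
            continue
        data = path.read_bytes()
        # Length-prefix each field so path/content boundaries are unambiguous.
        h.update(f"{len(rel.encode())}:{len(data)}:".encode() + rel.encode() + data)
    return h.hexdigest()


def build_sample(root):
    """Constructed sample skill directory, for the demo only."""
    root = Path(root)
    (root / "evals").mkdir(parents=True)
    for name in ["SKILL.md", "skill-card.md", "BENCHMARK.md", "evals/evals.json"]:
        (root / name).write_text("constructed sample: " + name)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        reviewed = tree_digest(tmp)              # recorded when review passes
        print("missing:", missing_items(tmp))    # signature not yet published
        (Path(tmp) / "SKILL.md").write_text("edited after review")
        print("unchanged since review:", tree_digest(tmp) == reviewed)
```

Record the digest alongside the saved scan report at review time, then recompute it immediately before signing; a mismatch means the directory changed after review.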