mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-26 19:54:37 +03:00
Homan Ansari
5f5edbb30b
Issues found in review: 1. tools/validate-skill.py: parse_frontmatter operated on the stripped line, so an indented nested `name:` (under framework-mapping lists, e.g. `name: 'Create Fake Materials: Fake Website'`) clobbered the skill's top-level `name`. That produced 94 spurious "invalid kebab-case name" failures out of 762. Now indented (non-list) key lines are ignored, so only top-level keys define frontmatter fields. Result: 762/762 pass. 2. Two divergent validators: the CI workflow had its own weaker inline parser (no subdomain/tag/description checks) requiring a different field set than tools/validate-skill.py. CI now delegates to tools/validate-skill.py --all (single source of truth); REQUIRED_FIELDS aligned to include version/author/license. The duplicate-name and stats steps are unchanged. 3. README: added an explicit authorized-&-lawful-use disclaimer next to the existing "not affiliated with Anthropic" note, since the library ships offensive/dual-use techniques. No skill content changed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Skill Validation Tools
validate-skill.py
Validate SKILL.md metadata before submitting a PR.
Usage
# Validate a single skill
python tools/validate-skill.py skills/my-new-skill/
# Validate all skills
python tools/validate-skill.py --all
What it checks
- SKILL.md exists in the skill directory
- Valid YAML frontmatter (between
---markers) - Required fields present:
name,description,domain,subdomain,tags - Name is kebab-case, 1–64 characters
- Description is at least 50 characters (no upper limit; multi-line folded scalars are valid)
- Domain is
cybersecurity - Subdomain is from the allowed list
- Tags is a list with at least 2 items
Requirements
Python 3.8+ (stdlib only, no external dependencies)