verify-skill-supply-chainlisted

Vets and continuously verifies the integrity and provenance of agent skills installed with qvr. Use when a user cares about skill security, trust, signing, tampering, or supply-chain integrity — e.g. "scan this skill for problems", "is this skill safe", "verify the skill hasn't drifted", "who is allowed to author this registry's skills", "check the signature", or "gate CI on skill integrity". Covers qvr scan, lock verify (--fail-on, --repair), trust pin/verify, and provenance.
astra-sh/qvr · ★ 4 · AI & Automation · score 73

Install: claude install-skill astra-sh/qvr

# Verify the skill supply chain with qvr A skill is code-adjacent: it ships instructions and files an agent will act on. qvr gives four independent checks — a static **scan** of content, a content **hash drift** check against the lockfile, an author **trust** policy per registry, and **provenance** (source, pinning, signature). This skill combines them into a vetting pass you can run at install time and re-run in CI. ## When to use this - Before trusting a newly added or third-party skill. - To prove an installed skill hasn't been altered since it was pinned. - To enforce *who* is allowed to author skills in a given registry. - To gate CI on integrity (fail on drift or unverified entries). ## The four checks ### 1. Scan content (static analysis) `qvr scan` reads every file as a string — it never executes anything — and reports categories such as prompt-injection patterns, leaked credentials, hidden/bidi unicode, and risky permissions. The exit code is controlled by `--fail-on` (default `error`). ``` qvr scan my-skill # installed name or a path qvr scan ./skills/my-skill --fail-on critical # only fail on the worst qvr scan my-skill --severity warning # show warnings and up qvr scan my-skill --against origin/main # only findings new vs a ref qvr scan my-skill --format sarif > scan.sarif # machine-readable for CI (scan has no -o; redirect) ``` Install-time scanning is on by default (`security.scan_o