Verification

verification-loop is a Claude Code verification workflow for checking builds, types, lint, tests, security, and diffs after code changes. This verification-loop skill is useful before PRs and after refactors when you want a structured post-change guide instead of a generic prompt.

qa-only is a report-only QA skill for testing web apps, documenting bugs, and capturing evidence without making fixes. It is designed for QA reviewers and agents who need a structured bug report, health scoring, screenshots, and repro steps. Use qa-only when you want a bug-report workflow instead of test-fix-verify.

The test-driven-development skill helps you change code by writing a failing test first, then making the smallest fix pass. Use it for logic changes, bug fixes, regressions, and edge cases where proof matters more than a plausible patch.

solana-vulnerability-scanner is a focused Solana security audit skill for native Rust and Anchor programs. It helps review CPI logic, PDA validation, signer and ownership checks, and sysvar spoofing to catch six critical Solana-specific vulnerabilities before deployment.

cosmos-vulnerability-scanner finds consensus-critical bugs in Cosmos SDK modules, CosmWasm contracts, IBC integrations, and Cosmos EVM stacks. Use this cosmos-vulnerability-scanner guide for security audit workflows, chain-halt risks, fund-loss paths, and pre-launch reviews.

code-maturity-assessor provides an evidence-based maturity review using Trail of Bits’ 9-category framework. It assesses arithmetic safety, auditing, access control, complexity, decentralization, documentation, MEV risk, low-level code, and testing, with actionable recommendations for security audit readiness.

cairo-vulnerability-scanner scans Cairo/StarkNet smart contracts for six critical issues, including felt252 arithmetic errors, L1-L2 messaging flaws, address conversion bugs, and signature replay. Use this cairo-vulnerability-scanner skill for Security Audit reviews of StarkNet contracts.

reflect is a Skill Validation tool for reviewing a prior response or output. It uses complexity triage and verification to catch missed flaws, weak reasoning, and overconfident approval before work ships.