Walk a repository and report common convention drift — missing CHANGELOG / LICENSE / CONTRIBUTING / SECURITY, stale README, no PR template, no CI workflow. Produces a punch-list with file paths and fix suggestions.
Walk a Git repository and surface drift from widely accepted open-source
conventions. The output is a markdown punch-list grouped by severity, with
file paths and one-line fix suggestions. Designed to be runnable in a CI
job (exit non-zero on severity: blocker) or invoked ad-hoc by a human
auditor.
The skill grades a repo against four buckets. Each rule produces zero or
more findings; each finding has file, severity (blocker /
warning / suggestion), and fix.
| File | Required? | Why it matters |
|---|---|---|
| README.md | blocker | Project entry point; the first thing humans + LLMs read |
| LICENSE | blocker | Reuse / contribution legality |
| CHANGELOG.md | warning | Version history; missing on most repos but cheap to add |
| CONTRIBUTING.md | warning | Sets PR expectations, lowers maintainer burden |
| CODE_OF_CONDUCT.md | suggestion | Community signal |
| SECURITY.md | suggestion | Vuln-disclosure address |
| .gitignore | warning | Avoids accidentally committing build output / secrets |

- `.github/workflows/*.yml` exists with at least one `push` or `pull_request` trigger. Severity: warning if missing.
- lint AND test (look for `npm test` / `pnpm test` / `pytest` / `cargo test` / `go test` shell tokens). Severity: warning if either is absent.
- `.github/dependabot.yml` or `renovate.json`). Severity: suggestion.
- `.github/PULL_REQUEST_TEMPLATE.md`. Severity: suggestion.
- `.github/ISSUE_TEMPLATE/` directory or single template. Severity: suggestion.
- warning.
- warning.
- `# Title` heading. Severity: suggestion.

- `repo_dir`: absolute path to the checkout (assumed clean, on default branch).
- `target_branch` (optional): defaults to `main`. Used only if the skill needs to compare against `origin/<target_branch>` for changelog hints.

A single markdown report with this structure:
```markdown
# Conventions audit · <repo-name>
**Verdict:** <pass | warning | block>
**Findings:** <N> (<blockers>, <warnings>, <suggestions>)
## Blockers
- `<file>` — <one-line fix>
## Warnings
- `<file>` — <one-line fix>
## Suggestions
- `<file>` — <one-line fix>
```
A non-zero exit on blockers > 0 is a sane CI default; teams can flip
it via an env var.
The skill is a playbook for an LLM-driven agent. The agent should:

- `ls -la` at the repo root and inside `.github/`. Note presence/absence of every file in the tables above.
- `README.md` (first 500 lines). Apply the regex/structure checks. Flag findings.
- `ls .github/workflows/` and read each `.yml`. Look for lint/test shell tokens.
- `.github/`.

After producing the report, re-list the repo top-level and the
`.github/` directory. Diff your reported "missing" files against the
actual listing. If any "missing" file actually exists, regenerate the
report — a false-positive on a missing LICENSE is worse than reporting
nothing, because it makes the whole report distrustable.
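
A deterministic version of the hygiene-file check and the self-check described above, added here as an illustration and not the skill's own code. It covers only the file table, matches exact file names, and assumes that a report holding only suggestions gets the verdict `pass`; the function names are made up for this sketch.

```python
import tempfile
from pathlib import Path
# Severities copied from the hygiene-file table on this page. Exact names only:
# variants such as LICENSE.md are not matched (an assumption of this sketch).
HYGIENE = {
    "README.md": "blocker", "LICENSE": "blocker", "CHANGELOG.md": "warning",
    "CONTRIBUTING.md": "warning", "CODE_OF_CONDUCT.md": "suggestion",
    "SECURITY.md": "suggestion", ".gitignore": "warning",
}
SECTIONS = [("blocker", "Blockers"), ("warning", "Warnings"), ("suggestion", "Suggestions")]

def audit(repo_dir):
    """One finding (file, severity, fix) per hygiene file absent from the root."""
    root = Path(repo_dir)
    return [(name, sev, f"add {name} at the repo root")
            for name, sev in HYGIENE.items() if not (root / name).is_file()]

def false_positives(repo_dir, findings):
    """Self-check: re-list the root and return findings whose file exists."""
    listing = {p.name for p in Path(repo_dir).iterdir()}
    return [f for f in findings if f[0] in listing]

def render(repo_name, findings):
    """Build the report; the verdict mapping (suggestions alone pass) is assumed."""
    count = {sev: sum(1 for f in findings if f[1] == sev) for sev, _ in SECTIONS}
    verdict = "block" if count["blocker"] else "warning" if count["warning"] else "pass"
    out = [f"# Conventions audit · {repo_name}", f"**Verdict:** {verdict}",
           f"**Findings:** {len(findings)} ({count['blocker']}, "
           f"{count['warning']}, {count['suggestion']})"]
    for sev, title in SECTIONS:
        out.append(f"## {title}")
        out += [f"- `{f[0]}` — {f[2]}" for f in findings if f[1] == sev]
    return "\n".join(out), verdict

def run(repo_dir, reported=None):
    """Audit (or take an agent's draft findings), drop any the listing contradicts."""
    findings = audit(repo_dir) if reported is None else list(reported)
    bad = false_positives(repo_dir, findings)
    findings = [f for f in findings if f not in bad]
    report, verdict = render(Path(repo_dir).resolve().name, findings)
    return report, 1 if verdict == "block" else 0  # non-zero exit on blockers

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample checkout
        for name in ("README.md", "LICENSE", ".gitignore"):
            Path(tmp, name).write_text("sample\n")
        report, code = run(tmp)
    print(report)
    raise SystemExit(code)
```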

- gitleaks / semgrep / a dedicated SCA tool for vulnerabilities and secrets. The intersection here (e.g., committed `.env` files) is the only overlap we report.
- LICENSE presence is checked; the SPDX id vs. project goals (e.g., GPL inside a permissive product) is out of scope. Pair with the `amitte/license-classifier` agent for that.

```bash
# As a CI gate
amitte invoke amitte/repo-conventions-checker \
  --input '{"repo_dir":"'"$GITHUB_WORKSPACE"'"}' \
  --fail-on blocker

# Ad-hoc audit
amitte invoke amitte/repo-conventions-checker \
  --input '{"repo_dir":"./my-repo"}' > audit.md
```

- `repo_dir` to scope the audit. The skill does NOT walk into subpackages by default (no recursion); it audits one project at a time.
- `ls` + `cat` against `repo_dir`. Safe to run on air-gapped checkouts.