Menu
Validates frontmatter and body structure of all skills, agents, and commands in a plugin. Triggers: validate components, check frontmatter, component audit, skill validation.
Redacta agradecimientos post-proceso diferenciados por persona, evidencia de interaccion, voz de marca y lint offline contra FOMO, hustle, servilismo y promesas no verificables.
Optimiza CV y carta de presentacion para ATS, rol objetivo y voz de marca con lint offline de keywords, secciones, longitud, contacto y tono.
Cosecha aprendizajes, valida evidencia y produce un cierre de conversacion reproducible con handoff, riesgos y plan de actualizaciones durables.
Orchestrates JM-ADK Alfa repository maintenance in fixed safety phases: bootstrap, repo sync audit, local state preservation, isolated branch planning, selective import or consolidation planning, cleanup planning, validation gates, and closeout blockers.
Validates plugin directory layout against the official Claude Code plugin spec. Triggers: validate structure, check layout, directory audit, plugin skeleton check.
Use when the user asks to "scan for secrets", "detect credentials", "sanitize sensitive data", "check for exposed passwords", "run security gate G0", or mentions secret detection, credential scanning, security gate G0, sensitive data masking, API key exposure, token detection.
| name | validate-components |
| version | 1.0.0 |
| description | Validates frontmatter and body structure of all skills, agents, and commands in a plugin. Triggers: validate components, check frontmatter, component audit, skill validation. |
| author | JM Labs (Javier Montaño) |
| allowed-tools | ["Read","Glob","Grep","Bash"] |
"Frontmatter is the API contract of a skill. Without it, the runtime cannot discover, route, or constrain."
Validates that every skill, agent, and command file has correct YAML frontmatter, required fields, proper types, and a well-structured body. [EXPLICIT]
assets/component-report-contract.json defines report shape.assets/count-consistency-policy.json requires component counts and docs alignment.assets/private-component-policy.json blocks private paths from publishable component inventories.scripts/validate_components_report.py validates reports offline.scripts/check.sh runs positive and negative fixtures.Fail closed when counts are missing, docs are out of sync while status claims pass, private paths appear as publishable components, or clean claims lack validation evidence. [EXPLICIT]
skills/*/SKILL.md for skills.agents/*.md for agents.commands/*.md for commands.INFO: No <type> found.For each skills/*/SKILL.md:
--- delimiters).CRITICAL if missing.CRITICAL if missing, WARNING if <20 chars.CRITICAL if missing. CRITICAL if not an array. Valid tool names include: Read, Write, Edit, Glob, Grep, Bash, WebFetch, WebSearch, NotebookEdit, TodoWrite.INFO if missing (recommended but not required by spec).INFO for each.For each skill, check the markdown body (content after closing ---):
# or ##) that serves as the skill title.Procedure, Steps, Workflow, Process. WARNING if no procedural section found.INFO if no lists detected.CRITICAL if body is empty.For each agents/*.md:
CRITICAL if missing.CRITICAL if missing.WARNING if missing (agents without tool constraints may have unintended access).For each commands/*.md:
CRITICAL if missing.true (boolean). CRITICAL if missing or set to false.INFO if missing (commands without arguments are valid).name values from skills, agents, and commands.WARNING for any duplicate name appearing in multiple components.CRITICAL if the same name appears within the same component type (two skills named identically).| Component | Type | Severity | Finding |.allowed-tools: "Read, Bash" (string) is detected as wrong.allowed-tools list is appropriate for its procedure -- only checks format and recognized tool names.user-invocable field is validated as a boolean, but YAML parsers accept yes/no/on/off as boolean equivalents -- this skill treats only true as valid.Bad finding:
Missing name in skill. [EXPLICIT]
Missing: no file path, no field name, no expected type. [EXPLICIT]
Good finding:
CRITICAL | skills/validate-hooks/SKILL.md | name | Missing. Expected: non-empty string in YAML frontmatter. | (absent)
Includes: severity, exact file path, field name, expected type, current value. [EXPLICIT]
allowed-tools as a comma-separated string instead of a YAML array. [EXPLICIT]user-invocable: "true" (string) as valid when a boolean is required. [EXPLICIT]alias-of pointing to itself -- CRITICAL (circular alias). [EXPLICIT]| or > YAML syntax -- valid, do not flag. [EXPLICIT]Example invocations: