✦
Security & Quality
lint
Enforce metadata standards across your skill fleet. Validates required frontmatter fields, checks SPDX license identifiers, verifies URLs, and can auto-fix missing fields from git context.
Why it matters
Incomplete metadata breaks downstream tooling. Without a name, skills-check can't track a skill. Without product-version, check can't detect drift. Without a license, legal compliance is impossible. Lint ensures every skill meets the bar before it ships.
What it does
- Validates required fields: name, description (always required)
- Checks publish-ready fields: author, license, repository
- Validates conditional fields: product-version when products are referenced, agents when agent-specific
- Verifies format: semver syntax, SPDX license identifiers (100+ supported with OR/AND expressions), valid URLs
- Auto-fix mode populates missing fields from git context (author from git config, repo from git remote)
Usage
npx skills-check lint [dir] [options]Options
| Flag | Description |
|---|---|
--fix | Auto-fix missing fields from git context |
--ci | CI mode with strict exit codes |
--fail-on <level> | Threshold: error or warning |
-f, --format <type> | Output: terminal or json |
Examples
Lint all skills
npx skills-check lintAuto-fix from git
npx skills-check lint --fixCI gate
npx skills-check lint --ci --fail-on errorJSON output
npx skills-check lint --format jsonWhen to use this
- Before committing a new skill
- After editing frontmatter metadata
- To auto-fix missing fields from git context
Related commands
Common findings
- Missing product-version — no version tracking possible
- Invalid SPDX license — unrecognized license identifier
- Missing author — skill has no attribution
CI tip
Run lint --fix locally before committing to auto-populate metadata. Use lint --ci in CI to catch skills that slip through without proper frontmatter.