Loading...
Loading...
Found 7 Skills
Add SLSA build-provenance attestations to existing GitHub Actions workflows. Use when the user wants to add artifact attestations, build provenance, or SLSA attestations to Docker container image builds in GitHub Actions CI/CD pipelines.
Verify, download, and inspect build provenance attestations using the orbit CLI. Use this skill whenever the user asks about verifying attestations, checking provenance, inspecting Sigstore bundles, SLSA provenance, build provenance, verifying binaries, downloading attestation bundles, signer identity, in-toto attestations, or supply chain security. Trigger on phrases like 'verify attestation', 'check provenance', 'inspect bundle', 'build provenance', 'sigstore', 'SLSA', 'verify binary', 'attestation download', 'download bundle', 'check signer', 'inspect attestation', 'provenance verification', 'verify artifact', 'supply chain verification', 'check build origin', or any attestation-related task — even casual references like 'is this binary legit', 'who built this', 'where did this artifact come from', 'check the bundle', or 'show provenance'. The orbit CLI alias for attestation is `attest`.
Use when building professional installers for desktop applications - covers macOS DMG with app bundles, Windows MSI with WiX, Linux DEB packages, GitHub Actions automation, and SLSA attestations
Guides cloud compliance—mapping SOC 2, ISO 27001, HIPAA, PCI DSS, FedRAMP, and data-residency requirements to cloud controls; collecting audit evidence from AWS, GCP, and Azure APIs; shared-responsibility narratives; CSPM/Config continuous monitoring; customer assurance questionnaires (CAIQ/SIG); and cloud-specific gap remediation before attestations. Use when scoping regulated workloads in cloud, preparing cloud control evidence for auditors, interpreting provider compliance artifacts (BAA, PCI AOC, FedRAMP packages), or proving residency and logging in multi-account estates—not for org-wide GRC programs and audit coordination without cloud evidence (compliance-specialist), non-cloud systems evidence automation (compliance-engineer), implementing security guardrails (cloud-security-engineer), legal DPAs or contract redlines (commercial-counsel), security strategy (cybersecurity), or CI pipeline gates only (devsecops).
Provides domain knowledge and guidance for the Flare Data Connector (FDC)—attestation types, request flow, Merkle proofs, verifier/DA Layer, and smart contract integration. Use when working with FDC, cross-chain attestations, EVMTransaction, Web2Json, Payment, AddressValidity, XRPPayment, XRPPaymentNonexistence, proof-of-reserves, weather insurance, or Flare Developer Hub FDC guides and starter repos.
GitHub CLI workflows for repositories, issues, pull requests, actions, releases, projects, and API calls. Use when creating PRs, reviewing code, triaging issues, triggering workflows, publishing releases, managing projects, verifying attestations, or querying the GitHub API. Use for gh cli, github automation, code review, release management.
Query Ethereum network data via ethpandaops CLI or MCP server. Use when analyzing blockchain data, block timing, attestations, validator performance, network health, or infrastructure metrics. Provides access to ClickHouse (blockchain data), Prometheus (metrics), Loki (logs), and Dora (explorer APIs).