Skip to main content
skillsSource-backed

SLSA Provenance Review Capability Pack Skill

Expert SLSA provenance review skill for checking source, build, artifact, and trust evidence before accepting content or package submissions.

Level:expertType:capability-packVerified:validated
Review first review before installing

Open the source and read safety notes before installing.

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://slsa.dev/spec/v1.2/provenance, https://github.com/slsa-framework/slsa
Safety notes
Use this as a read-only evidence review workflow; ordinary intake should not require running submitted projects., The install command fetches a pinned SLSA source archive for reference, not an executable package., Provenance evidence improves confidence but does not replace human source review, category-fit review, or maintainer judgment., Treat missing, stale, unverifiable, or mismatched provenance as a risk signal and request clearer evidence before accepting strong trust claims.
Privacy notes
Work from public source URLs, release metadata, package metadata, and maintainer-approved context., Keep public notes focused on source URLs, revisions, digests, and high-level risk summaries; omit operational details that do not need to be public.
Platform compatibility
claude-code (native-skill), codex (native-skill), windsurf (native-skill), gemini (native-skill), cursor (adapter), cli (manual-context)
Author
oktofeesh1
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-03

Decision playbook

Review trust signals before you adopt

Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.

Compare context
Selected

0

Current score

86

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as source-backed.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Needs review

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    No package verification flag provided.

    Pending
  • Checksum metadata

    No checksum provided for downloaded artifact.

    Pending

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

Package install

Copy-ready — paste the snippet to get started.

Adoption plan

Balanced adoption plan

Current risk score 16/100. Use staged verification before broader rollout.

Risk 16

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    No package verification/checksum metadata.

    Pending

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (5/6 signals complete).

Risk 15

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Missing

Package integrity metadata is missing.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

5/6 steps complete with no blocking gaps for this preset.

Risk 14

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is missing.

Pending

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

5 prerequisites to line up before setup. Includes a review or approval gate.

0/5 ready
Review & approval1General4

Safety & privacy surface

Safety & privacy surface

4 safety and 2 privacy notes across 3 risk areas. Review closely: network access.

3 areas
  • SafetyExecution & processesUse this as a read-only evidence review workflow; ordinary intake should not require running submitted projects.
  • SafetyExecution & processesThe install command fetches a pinned SLSA source archive for reference, not an executable package.
  • SafetyGeneralProvenance evidence improves confidence but does not replace human source review, category-fit review, or maintainer judgment.
  • SafetyNetwork accessTreat missing, stale, unverifiable, or mismatched provenance as a risk signal and request clearer evidence before accepting strong trust claims.
  • PrivacyGeneralWork from public source URLs, release metadata, package metadata, and maintainer-approved context.
  • PrivacyGeneralKeep public notes focused on source URLs, revisions, digests, and high-level risk summaries; omit operational details that do not need to be public.

Safety notes

  • Use this as a read-only evidence review workflow; ordinary intake should not require running submitted projects.
  • The install command fetches a pinned SLSA source archive for reference, not an executable package.
  • Provenance evidence improves confidence but does not replace human source review, category-fit review, or maintainer judgment.
  • Treat missing, stale, unverifiable, or mismatched provenance as a risk signal and request clearer evidence before accepting strong trust claims.

Privacy notes

  • Work from public source URLs, release metadata, package metadata, and maintainer-approved context.
  • Keep public notes focused on source URLs, revisions, digests, and high-level risk summaries; omit operational details that do not need to be public.

Prerequisites

  • Submission target such as a registry entry, package listing, source-backed content item, or release artifact
  • Canonical source repository, docs page, release page, package URL, commit, tag, or digest evidence
  • Expected producer, repository, source revision, artifact name, and artifact digest when available
  • Access to provenance records, verification summaries, or package ecosystem metadata when the producer publishes them
  • Local policy for deciding when missing provenance is acceptable, blocking, or manual-review only

Schema details

Install type
package
Reading time
9 min
Troubleshooting
Yes
Source repository stats
Scope
Source repo
Skill and platform metadata
Skill type
capability-pack
Skill level
expert
Verification
validated
Verified at
2026-06-03
Retrieval sources
https://slsa.dev/spec/v1.2/provenancehttps://slsa.dev/spec/v1.2/verifying-artifactshttps://slsa.dev/spec/v1.2/verifying-sourcehttps://slsa.dev/spec/v1.2/build-provenancehttps://slsa.dev/spec/v1.2/source-requirementshttps://slsa.dev/spec/v1.2/distributing-provenancehttps://slsa.dev/spec/v1.2/threatshttps://raw.githubusercontent.com/slsa-framework/slsa/v1.2/docs/spec/v1.2/provenance.mdhttps://raw.githubusercontent.com/slsa-framework/slsa/v1.2/docs/spec/v1.2/verifying-artifacts.mdhttps://raw.githubusercontent.com/slsa-framework/slsa/v1.2/docs/spec/v1.2/verifying-source.md
Tested platforms
ClaudeCodexWindsurfGeminiCursorGeneric AGENTS
PlatformSupportInstall path
claude-codeNative.claude/skills/<skill-name>/SKILL.md
codexNative.agents/skills/<skill-name>/SKILL.md
windsurfNative.windsurf/skills/<skill-name>/SKILL.md
geminiNative.gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md
cursorAdapter.cursor/rules/<skill-name>.mdc
cliManualAGENTS.md or tool-specific context file
Full copyable content
# Trigger
"Apply the SLSA provenance review capability pack to this submission."

# Required output
1) Source, package, artifact, and provenance evidence inventory
2) Expected producer, repository, revision, builder, and policy
3) SLSA source/build provenance review result
4) Acceptance, rejection, or manual-review decision with evidence

About this resource

Knowledge Freshness

This capability pack is pinned to SLSA v1.2 documentation and source files verified on 2026-06-03. Refresh the SLSA spec, provenance format, and package ecosystem behavior before using it for production policy decisions.

Retrieval Sources

Prefer current SLSA specification pages and pinned source files over model memory for predicate details, verification expectations, and level-specific requirements.

Scope Note

This is not a HeyClaude submission-field factory. Use it for source and provenance review when a content, package, or registry intake needs evidence about where a submission came from, how an artifact was produced, and whether trust claims match the expected source.

Core Workflow

  1. Classify the submission as source-only content, package metadata, generated output, or a release artifact.
  2. Inventory evidence before judgment: canonical docs, repository, commit, tag, release, package metadata, artifact digest, provenance record, verification summary, and submitter claims.
  3. Establish expectations from policy: trusted producer, repository, source revision, branch or tag, artifact name, digest algorithm, builder ID, build type, external parameters, and required SLSA level.
  4. Review artifact provenance when an artifact is present: subject digest, provenance signature status, trusted builder ID, expected build type, expected source repository, expected source revision, and allowed external parameters.
  5. Review source provenance when the claim is about a repository revision: source control system, revision immutability, change history continuity, technical controls, code review claims, and verification summaries if available.
  6. Compare trust claims to evidence. Separate confirmed facts, unsupported claims, stale evidence, unverifiable links, and policy gaps.
  7. Decide the intake path: accept, accept with caveats, request more evidence, route to manual review, or reject as unverifiable or mismatched.
  8. Produce a compact provenance report with source URLs, checked identifiers, failed expectations, residual risks, and the final recommendation.

Capability Scope

  • Source repository and revision provenance review
  • Build provenance and artifact evidence checks
  • Package or generated-output source review
  • SLSA expectation mapping for intake policy
  • Digest, builder, predicate, and source-URI comparison
  • Evidence classification for maintainer review
  • Unverifiable, stale, or overclaimed trust-signal detection
  • Public-safe verification notes for PRs, registry entries, and package listings

Compatibility

Native

  • Claude Code / Claude: use as a reusable Agent Skill for provenance-heavy submission review.
  • Codex/OpenAI workflows: use as SKILL.md-style instructions for registry, package, or artifact intake.

Manual Adaptation

  • Windsurf and Gemini: adapt the workflow and output contract into their skill formats.
  • Cursor and Generic AGENTS files: convert the production rules and validation checklist into repository-level intake rules.

Required Inputs

  • Submission category and acceptance policy
  • Canonical source URL, repository URL, docs URL, release URL, or package URL
  • Commit SHA, tag, branch, release version, package version, or artifact digest
  • Published provenance, verification summary, or package ecosystem trust metadata when available
  • Expected producer and builder IDs
  • Decision threshold for missing or partial provenance

Production Rules

  • Do not treat provenance as a replacement for source review, license review, or category-fit review.
  • Do not accept a package-trust claim when the artifact digest does not match the provenance subject.
  • Do not accept a source-trust claim when the source repository, source revision, or producer is ambiguous.
  • Do not infer SLSA level from marketing copy. Require published evidence or mark the claim unsupported.
  • Prefer immutable identifiers such as commit SHAs, release tags with tag object evidence, artifact digests, and package integrity metadata.
  • Treat branch names, moving tags, latest URLs, and generated archive links as weaker evidence unless backed by stronger provenance.
  • Keep public notes focused on non-sensitive identifiers and high-level risk. Avoid publishing raw logs or operational context that is not needed for review.

Decision Rubric

Accept

  • Canonical source and artifact identifiers are clear.
  • Digest, repository, revision, builder, and predicate expectations match.
  • Published provenance or source verification evidence is reachable and current.
  • Safety, privacy, and trust notes reflect the verified evidence.

Request More Evidence

  • The source is real but the artifact digest, builder ID, release tag, or verification summary is missing.
  • Provenance exists but cannot be linked to the submitted artifact or source revision.
  • The submission makes trust claims that require maintainer confirmation.

Reject Or Route Away

  • The source URL is unverifiable, redirects to unrelated content, or conflicts with package metadata.
  • The provenance subject does not match the artifact under review.
  • The builder, source repository, or revision does not match the expected producer.
  • The submission asks maintainers to validate a generated artifact without source-backed trust evidence.

Output Contract

  1. Evidence inventory: source URL, repo, revision, package, artifact, digest, provenance, and verification-summary links.
  2. Expectations: producer, source repository, revision, builder, predicate, SLSA level, and policy threshold.
  3. Review result: matched evidence, failed checks, missing data, stale links, and unsupported claims.
  4. Safety and privacy notes: runtime risk, package or generated-output risk, public-note redactions, and residual uncertainty.
  5. Intake decision: accept, accept with caveats, request evidence, manual review, or reject.
  6. Follow-up: exact evidence needed from the submitter or maintainer before the decision can change.

Workflow Notes

  • Keep automated provenance checks read-only in public PR workflows.
  • Use maintainer-controlled workflows for any privileged package, generated output, or provenance review.
  • Store review results as summaries, not raw operational logs.
  • Re-run review when the artifact, release tag, package version, builder, or source revision changes.

Troubleshooting

Issue: The artifact has no provenance

Fix: Record the missing evidence and fall back to source, package, release, and maintainer judgment. Missing provenance may be acceptable for low-risk content but should block strong verification claims.

Issue: The provenance exists but the digest does not match

Fix: Treat the artifact as unverified. Ask for the exact artifact referenced by the provenance record or a new provenance record for the submitted artifact.

Issue: The source revision is a branch name

Fix: Resolve the branch to an immutable commit SHA, record when it was checked, and prefer a tag or release object when reviewing a published package.

Issue: The submitter claims SLSA compliance without evidence

Fix: Mark the claim unsupported. Require reachable source, builder, predicate, and verification evidence before using the claim in public metadata.

Issue: The evidence includes details that do not need to be public

Fix: Summarize only the identifiers needed for review and keep unnecessary operational details out of public issues or PRs.

Validation Checklist

  • Source, repo, package, release, and artifact URLs are reachable.
  • Artifact digest and provenance subject match when an artifact is reviewed.
  • Builder ID is one of the trusted builders for the expected policy.
  • Build type and external parameters match expected values.
  • Source repository and source revision match the submitted package or artifact.
  • Source provenance or verification summary evidence is recorded when source-level claims are made.
  • Missing or partial provenance is called out as a caveat, not hidden.
  • Public notes do not expose operational details that are unnecessary for review.

Source citations

Add this badge to your README

Show that SLSA Provenance Review Capability Pack Skill is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/skills/slsa-provenance-review-capability-pack.svg)](https://heyclau.de/entry/skills/slsa-provenance-review-capability-pack)

How it compares

SLSA Provenance Review Capability Pack Skill side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

2 trust signals differ across this comparison (Source provenance, Submitter).

Field

Expert SLSA provenance review skill for checking source, build, artifact, and trust evidence before accepting content or package submissions.

Open dossier

Expert validation skill for reviewing /llms.txt, search discovery artifacts, canonical signals, structured data, and LLM-ready documentation links.

Open dossier

Expert FastMCP review skill for auditing Python MCP server structure, tools, resources, prompts, transports, and deployment readiness before release.

Open dossier

Expert skill for reviewing GitHub Artifact Attestations, release artifact digests, workflow provenance, OIDC boundaries, and public release evidence before an AI agent recommends or publishes build outputs.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceDiffersSubmission linkedSource submissionSubmission linkedSource submissionSubmission linkedSource submissionSource-backed
SubmitterDiffersoktofeesh1oktofeesh1oktofeesh1JSONbored
Install riskReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandGitHub logoGitHub
Categoryskillsskillsskillsskills
SourceSource-backedSource-backedSource-backedSource-backed
Authoroktofeesh1oktofeesh1oktofeesh1JSONbored
Added2026-06-032026-06-032026-06-032026-06-05
Platforms
Harness
Source repo
Safety notesUse this as a read-only evidence review workflow; ordinary intake should not require running submitted projects. The install command fetches a pinned SLSA source archive for reference, not an executable package. Provenance evidence improves confidence but does not replace human source review, category-fit review, or maintainer judgment. Treat missing, stale, unverifiable, or mismatched provenance as a risk signal and request clearer evidence before accepting strong trust claims.Installing `llms-txt` adds Python dependencies in the selected environment; pin the reviewed version and prefer project-scoped tooling. The `llms_txt2ctx` helper can retrieve linked HTTPS resources while expanding context; review target URLs before running it against private staging content. Search artifacts influence crawler and model-facing discovery signals; treat canonical, robots, sitemap, and structured data changes as publish-impacting. The source archive is external and version-pinned for reference; package trust should remain a maintainer decision.Installing FastMCP adds Python packages to the selected environment; use an isolated project environment and pin the reviewed version. Reviewing a server can exercise tool, resource, and prompt paths; use controlled fixtures and avoid live side effects unless the release plan explicitly permits them. The source ZIP is external and version-pinned for reference; package trust should remain a maintainer decision. Treat destructive tools, write-capable resources, network calls, and long-running jobs as release-blocking until their behavior is documented and tested.Artifact attestation verification confirms provenance for a digest, not malware safety, runtime behavior, dependency health, or install trust. Do not approve a release when the verified repository, workflow, ref, subject digest, or commit does not match the artifact being distributed. Keep OIDC and workflow-permission review separate from ordinary release-note editing.
Privacy notesWork from public source URLs, release metadata, package metadata, and maintainer-approved context. Keep public notes focused on source URLs, revisions, digests, and high-level risk summaries; omit operational details that do not need to be public.`/llms.txt`, expanded context, sitemap, and structured data artifacts can expose URL paths, page titles, product terms, doc structure, and internal naming. Context expansion can collect linked markdown content into a single artifact, which may reveal more detail than the compact index. Keep public review notes focused on artifact shape, URL classes, stale links, and source evidence; avoid exposing private staging paths or unreleased content.FastMCP tools and resources can expose files, API responses, database records, prompts, and application state. Keep review notes focused on public source links, object names, version data, and summarized findings; omit operational details that do not need to be public.Verification evidence can expose repository names, workflow names, internal release timing, commit SHAs, artifact names, and runner metadata. Public comments should summarize verification without pasting private URLs, unpublished release notes, or internal environment details.
Prerequisites
  • Submission target such as a registry entry, package listing, source-backed content item, or release artifact
  • Canonical source repository, docs page, release page, package URL, commit, tag, or digest evidence
  • Expected producer, repository, source revision, artifact name, and artifact digest when available
  • Access to provenance records, verification summaries, or package ecosystem metadata when the producer publishes them
  • Published or staged documentation site with a known canonical origin
  • `/llms.txt` draft, `llms-full.txt` or expanded context artifact when available
  • `sitemap.xml`, `robots.txt`, canonical URL policy, and structured data inventory
  • Python 3.10 or newer when using the pinned `llms-txt` parser and context helpers
  • FastMCP server implementation, pull request, or design draft
  • Python environment compatible with FastMCP 3.4.0 and Python 3.10 or newer
  • Tool, resource, prompt, transport, and deployment target inventory
  • Expected client behavior and sample inputs for critical tools
  • Release artifact, checksum, repository, workflow run, and commit SHA under review.
  • GitHub CLI available with access to verify attestations for the target repository.
  • Release policy that defines which artifacts require provenance evidence.
Install
curl -L https://github.com/slsa-framework/slsa/archive/refs/tags/v1.2.zip -o slsa-v1.2.zip
python -m pip install llms-txt==0.0.6
uv pip install fastmcp==3.4.0
gh --version
Config
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.