Claude Code skills for AI-native development: quality assurance, supply chain security, and architecture patterns
Review code changes for AI Quality Paradox violations and AI-native architecture anti-patterns. Complements Claude Code's built-in /code-review: /code-review hunts correctness bugs; qa-check owns AI-specific quality decay and architecture, including rework risk, test integrity (weakened or gamed tests), dependency provenance, spec discipline, validation gaps, and maintainability smells. Ships a deterministic push gate (PreToolUse hook, no LLM calls): repos with a .qa-check-required file block git push until /qa-check has run.
Single-command supply chain security audit. Queries live advisory sources (npm audit, OSV.dev, GitHub Advisory Database) and scans for dangerous version ranges, lock file issues, typosquatting, slopsquatting and hallucinated dependencies, and local IOC artifacts. Wraps npm audit with active threat heuristics.