Reintroduce virus-scan as a clearer legacy alias for stale skills.sh pages

Removing the alias entirely fixed the canonical repo surface but left the live
skills.sh listing showing an old stale page with unhelpful copy. This brings
`virus-scan` back only as a legacy alias for `security-scan`, with better title
and description text, and keeps the manifest, README, and CI aligned with that
intentional compatibility surface.

Constraint: Improve the external stale page experience without changing the canonical security-scan behavior
Rejected: Keep virus-scan fully removed | leaves a worse stale skills.sh page with outdated messaging
Rejected: Restore the old virus-scan copy unchanged | keeps the stale surface misleading and low-quality
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Treat virus-scan as presentation/compatibility debt only; keep security-scan as the preferred real command
Tested: Local `npx skills add . --list --full-depth`; local isolated `--skill virus-scan` install; readback of README, manifest, and workflow alignment
Not-tested: External skills.sh refresh timing after push

Author: jasperdevs

.github/workflows/verify-pack.yml

@@ -80,6 +80,34 @@ jobs:
             if (manifest.aliases && !Array.isArray(manifest.aliases)) {
               fail("Manifest aliases must be an array when present.");
             }
+
+            for (const alias of manifest.aliases ?? []) {
+              if (!alias.name || !alias.path || !alias.replaced_by) {
+                fail(`Alias entry is missing required fields: ${JSON.stringify(alias)}`);
+              }
+              if (seenNames.has(alias.name)) {
+                fail(`Duplicate manifest entry for alias: ${alias.name}`);
+              }
+              if (!alias.deprecated) {
+                fail(`Alias ${alias.name} must be marked deprecated.`);
+              }
+              if (!canonicalNames.has(alias.replaced_by)) {
+                fail(`Alias ${alias.name} points to missing replacement target: ${alias.replaced_by}`);
+              }
+              seenNames.add(alias.name);
+              const aliasPath = path.resolve(alias.path);
+              const aliasFile = path.join(aliasPath, "SKILL.md");
+              if (!fs.existsSync(aliasPath) || !fs.statSync(aliasPath).isDirectory()) {
+                fail(`Alias path does not exist: ${alias.path}`);
+              }
+              if (!fs.existsSync(aliasFile)) {
+                fail(`Alias is missing SKILL.md: ${alias.path}`);
+              }
+              const frontmatterName = readFrontmatterName(aliasFile);
+              if (frontmatterName !== alias.name) {
+                fail(`Manifest alias/path mismatch for ${alias.name}; SKILL.md declares ${frontmatterName}`);
+              }
+            }
           '
 
       - name: Verify discovery output matches manifest
@@ -89,7 +117,10 @@ jobs:
           OUTPUT="$OUTPUT" node -e '
             const fs = require("fs");
             const manifest = JSON.parse(fs.readFileSync("skills-pack.json", "utf8"));
-            const names = manifest.skills.map((skill) => skill.name);
+            const names = [
+              ...manifest.skills.map((skill) => skill.name),
+              ...(manifest.aliases ?? []).map((skill) => skill.name),
+            ];
             const output = process.env.OUTPUT ?? "";
             const missing = names.filter((name) => !output.includes(name));
             if (missing.length) {
@@ -118,7 +149,10 @@ jobs:
             const fs = require("fs");
             const path = require("path");
             const manifest = JSON.parse(fs.readFileSync("skills-pack.json", "utf8"));
-            const expected = manifest.skills.map((skill) => skill.name).sort();
+            const expected = [
+              ...manifest.skills.map((skill) => skill.name),
+              ...(manifest.aliases ?? []).map((skill) => skill.name),
+            ].sort();
             const installedDir = path.join(process.env.TMP_DIR, ".agents", "skills");
             const installed = fs.readdirSync(installedDir, { withFileTypes: true })
               .filter((entry) => entry.isDirectory())
@@ -132,26 +166,36 @@ jobs:
             }
           '
 
-      - name: Verify README stays aligned with canonical skills
+      - name: Verify deprecated alias install path still works
+        env:
+          PACK_SOURCE: ${{ github.workspace }}
+        run: |
+          TMP_DIR="$(mktemp -d)"
+          pushd "$TMP_DIR" >/dev/null
+          npx skills add "$PACK_SOURCE" -y --agent codex --skill virus-scan --copy
+          popd >/dev/null
+          test -f "$TMP_DIR/.agents/skills/virus-scan/SKILL.md"
+
+      - name: Verify README stays aligned with pack surface
         run: |
           node -e '
             const fs = require("fs");
             const manifest = JSON.parse(fs.readFileSync("skills-pack.json", "utf8"));
             const readme = fs.readFileSync("README.md", "utf8");
-            for (const skill of manifest.skills) {
-              const installNeedle = `--skill ${skill.name}`;
-              const commandNeedle = `\`$${skill.name}\``;
+            const names = [
+              ...manifest.skills.map((skill) => skill.name),
+              ...(manifest.aliases ?? []).map((skill) => skill.name),
+            ];
+            for (const skillName of names) {
+              const installNeedle = `--skill ${skillName}`;
+              const commandNeedle = `\`$${skillName}\``;
               if (!readme.includes(installNeedle)) {
-                console.error(`README is missing install command for ${skill.name}`);
+                console.error(`README is missing install command for ${skillName}`);
                 process.exit(1);
               }
               if (!readme.includes(commandNeedle)) {
-                console.error(`README is missing command table entry for ${skill.name}`);
+                console.error(`README is missing command table entry for ${skillName}`);
                 process.exit(1);
               }
             }
-            if (readme.includes("virus-scan")) {
-              console.error("README still contains removed skill name: virus-scan");
-              process.exit(1);
-            }
           '

README.md

@@ -18,6 +18,7 @@ npx skills add https://github.com/jasperdevs/computer-doctor --skill computer-do
 npx skills add https://github.com/jasperdevs/computer-doctor --skill security-scan
 npx skills add https://github.com/jasperdevs/computer-doctor --skill devtools-audit
 npx skills add https://github.com/jasperdevs/computer-doctor --skill update-audit
+npx skills add https://github.com/jasperdevs/computer-doctor --skill virus-scan
 ```
 
 </details>
@@ -30,6 +31,7 @@ npx skills add https://github.com/jasperdevs/computer-doctor --skill update-audi
 | `$security-scan` | Endpoint protection, firewall status, suspicious processes, persistence, autoruns, risky permissions, and obvious malware signals. | [open](https://skills.sh/jasperdevs/computer-doctor/security-scan) |
 | `$devtools-audit` | PATH problems, shell setup, runtimes, SDKs, package managers, Git tooling, and dead or conflicting installs. | [open](https://skills.sh/jasperdevs/computer-doctor/devtools-audit) |
 | `$update-audit` | OS updates, outdated apps, drivers where visible, runtimes, package managers, and better replacement choices. | [open](https://skills.sh/jasperdevs/computer-doctor/update-audit) |
+| `$virus-scan` | Legacy alias for `$security-scan`. Prefer `$security-scan`, but this keeps older links and installs understandable. | [open](https://skills.sh/jasperdevs/computer-doctor/virus-scan) |
 
 The canonical pack surface is tracked in [skills-pack.json](./skills-pack.json).
 

skills-pack.json

@@ -18,5 +18,13 @@
       "name": "update-audit",
       "path": "skills/update-audit"
     }
+  ],
+  "aliases": [
+    {
+      "name": "virus-scan",
+      "path": "skills/virus-scan",
+      "deprecated": true,
+      "replaced_by": "security-scan"
+    }
   ]
 }

skills/virus-scan/SKILL.md

@@ -0,0 +1,50 @@
+---
+name: virus-scan
+description: Legacy alias for security-scan. Prefer security-scan for the same security-first audit.
+---
+
+# Virus Scan (Legacy Alias)
+
+This legacy command exists so older links and installs are less confusing. Prefer `$security-scan`.
+
+## First Step: Pick A Mode
+
+At the start of the interaction, ask the user to choose one mode:
+
+Ask exactly:
+`Choose a mode: Audit mode (recommended) or YOLO mode.`
+
+- `Audit mode` (recommended): inspect first, report findings, ask before changing anything
+- `YOLO mode`: still try to be safe, but carry out actions without asking again after the initial mode choice
+
+If the user already picked a mode earlier in the same task, do not ask again.
+
+## Behavior
+
+Run the same security-first pass as `$security-scan`:
+
+- antivirus or endpoint protection status
+- firewall status
+- suspicious processes
+- autoruns and persistence
+- risky permissions
+- obvious unwanted software
+
+## Rules
+
+- clearly state that `$security-scan` is the preferred command name
+- be evidence-based and skeptical
+- do not claim a machine is clean unless the available evidence supports that
+- in Audit mode, ask before changing anything
+- in YOLO mode, proceed without repeated approval, but still avoid reckless actions
+- if confidence is limited, say so plainly
+- separate confirmed issues from suspicious patterns that still need deeper inspection
+
+## Output
+
+Report:
+
+1. protection status
+2. highest-risk findings
+3. whether deeper scanning is needed
+4. approval-required changes in Audit mode

skills/virus-scan/agents/openai.yaml

@@ -0,0 +1,4 @@
+interface:
+  display_name: "Virus Scan (Legacy Alias)"
+  short_description: "Legacy alias for security-scan"
+  default_prompt: "Use $virus-scan as a legacy alias for $security-scan. Ask for Audit mode or YOLO mode first, then perform the same security-first audit as $security-scan and clearly note that $security-scan is the preferred command name."