Restore backward compatibility and make the pack self-verifying again

The repo still had a broken historical install surface for `virus-scan`, no
single pack manifest, and no in-repo smoke test after the earlier cleanup.
This adds a deprecated compatibility alias, introduces a small manifest for the
canonical pack surface, and restores verification through a lightweight GitHub
Actions workflow instead of local scripts.

Constraint: Keep the repo small and avoid restoring the removed evals/scripts structure
Rejected: Leave `virus-scan` broken and rely on external skills.sh cleanup | user-facing install path was still stale and failing
Rejected: Reintroduce local scripts/evals | more repo scaffolding than needed for a smoke test
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: If a skill is renamed again, preserve backward compatibility or explicitly update the manifest and smoke test in the same change
Tested: Local `npx skills add . --list --full-depth`; local isolated `--all` install from repo path; local isolated `--skill virus-scan` install from repo path; architect, security, and code-review validation passes
Not-tested: GitHub Actions execution after push; external skills.sh cache refresh timing

Author: jasperdevs

.github/workflows/verify-pack.yml

@@ -0,0 +1,76 @@
+name: verify-pack
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+
+      - name: Verify discovery output matches manifest
+        run: |
+          OUTPUT="$(npx skills add . --list --full-depth)"
+          echo "$OUTPUT"
+          OUTPUT="$OUTPUT" node -e '
+            const fs = require("fs");
+            const manifest = JSON.parse(fs.readFileSync("skills-pack.json", "utf8"));
+            const names = [
+              ...manifest.canonical_skills.map((skill) => skill.name),
+              ...(manifest.aliases ?? []).map((skill) => skill.name),
+            ];
+            const output = process.env.OUTPUT ?? "";
+            const missing = names.filter((name) => !output.includes(name));
+            if (missing.length) {
+              console.error("Missing skills in discovery output:", missing.join(", "));
+              process.exit(1);
+            }
+          '
+
+      - name: Verify isolated --all install
+        env:
+          PACK_SOURCE: ${{ github.workspace }}
+        run: |
+          TMP_DIR="$(mktemp -d)"
+          pushd "$TMP_DIR" >/dev/null
+          npx skills add "$PACK_SOURCE" -y --all --copy
+          popd >/dev/null
+          TMP_DIR="$TMP_DIR" node -e '
+            const fs = require("fs");
+            const path = require("path");
+            const manifest = JSON.parse(fs.readFileSync("skills-pack.json", "utf8"));
+            const expected = [
+              ...manifest.canonical_skills.map((skill) => skill.name),
+              ...(manifest.aliases ?? []).map((skill) => skill.name),
+            ].sort();
+            const installedDir = path.join(process.env.TMP_DIR, ".agents", "skills");
+            const installed = fs.readdirSync(installedDir, { withFileTypes: true })
+              .filter((entry) => entry.isDirectory())
+              .map((entry) => entry.name)
+              .sort();
+            if (JSON.stringify(installed) !== JSON.stringify(expected)) {
+              console.error("Installed skills did not match manifest.");
+              console.error("Expected:", expected.join(", "));
+              console.error("Actual:", installed.join(", "));
+              process.exit(1);
+            }
+          '
+
+      - name: Verify deprecated alias install path still works
+        env:
+          PACK_SOURCE: ${{ github.workspace }}
+        run: |
+          TMP_DIR="$(mktemp -d)"
+          pushd "$TMP_DIR" >/dev/null
+          npx skills add "$PACK_SOURCE" -y --agent codex --skill virus-scan --copy
+          popd >/dev/null
+          test -f "$TMP_DIR/.agents/skills/virus-scan/SKILL.md"

README.md

@@ -18,6 +18,7 @@ npx skills add https://github.com/jasperdevs/computer-doctor --skill computer-do
 npx skills add https://github.com/jasperdevs/computer-doctor --skill security-scan
 npx skills add https://github.com/jasperdevs/computer-doctor --skill devtools-audit
 npx skills add https://github.com/jasperdevs/computer-doctor --skill update-audit
+npx skills add https://github.com/jasperdevs/computer-doctor --skill virus-scan
 ```
 
 </details>
@@ -30,6 +31,9 @@ npx skills add https://github.com/jasperdevs/computer-doctor --skill update-audi
 | `$security-scan` | Endpoint protection, firewall status, suspicious processes, persistence, autoruns, risky permissions, and obvious malware signals. | [open](https://skills.sh/jasperdevs/computer-doctor/security-scan) |
 | `$devtools-audit` | PATH problems, shell setup, runtimes, SDKs, package managers, Git tooling, and dead or conflicting installs. | [open](https://skills.sh/jasperdevs/computer-doctor/devtools-audit) |
 | `$update-audit` | OS updates, outdated apps, drivers where visible, runtimes, package managers, and better replacement choices. | [open](https://skills.sh/jasperdevs/computer-doctor/update-audit) |
+| `$virus-scan` | Deprecated compatibility alias for `$security-scan`. Keep using it only if you still rely on the old command name. | [open](https://skills.sh/jasperdevs/computer-doctor/virus-scan) |
+
+The canonical pack surface is tracked in [skills-pack.json](./skills-pack.json).
 
 > [!NOTE]
 > Each skill begins with `Choose a mode: Audit mode (recommended) or YOLO mode.` Audit mode inspects first and asks before making changes. YOLO mode keeps moving after that initial choice, but still follows the skill's safety boundaries.

skills-pack.json

@@ -0,0 +1,36 @@
+{
+  "name": "computer-doctor",
+  "repository": "https://github.com/jasperdevs/computer-doctor",
+  "default_install": "npx skills add https://github.com/jasperdevs/computer-doctor --all",
+  "canonical_skills": [
+    {
+      "name": "computer-doctor",
+      "path": "skills/computer-doctor",
+      "skills_sh": "https://skills.sh/jasperdevs/computer-doctor/computer-doctor"
+    },
+    {
+      "name": "security-scan",
+      "path": "skills/security-scan",
+      "skills_sh": "https://skills.sh/jasperdevs/computer-doctor/security-scan"
+    },
+    {
+      "name": "devtools-audit",
+      "path": "skills/devtools-audit",
+      "skills_sh": "https://skills.sh/jasperdevs/computer-doctor/devtools-audit"
+    },
+    {
+      "name": "update-audit",
+      "path": "skills/update-audit",
+      "skills_sh": "https://skills.sh/jasperdevs/computer-doctor/update-audit"
+    }
+  ],
+  "aliases": [
+    {
+      "name": "virus-scan",
+      "path": "skills/virus-scan",
+      "skills_sh": "https://skills.sh/jasperdevs/computer-doctor/virus-scan",
+      "deprecated": true,
+      "replaced_by": "security-scan"
+    }
+  ]
+}

skills/virus-scan/SKILL.md

@@ -0,0 +1,49 @@
+---
+name: virus-scan
+description: Deprecated compatibility alias for security-scan. Run the same security-first audit after asking the user to choose Audit mode or YOLO mode.
+---
+
+# Virus Scan (Deprecated)
+
+Use this only for backward compatibility. Prefer `$security-scan`.
+
+## First Step: Pick A Mode
+
+At the start of the interaction, ask the user to choose one mode:
+
+Ask exactly:
+`Choose a mode: Audit mode (recommended) or YOLO mode.`
+
+- `Audit mode` (recommended): inspect first, report findings, ask before changing anything
+- `YOLO mode`: still try to be safe, but carry out actions without asking again after the initial mode choice
+
+If the user already picked a mode earlier in the same task, do not ask again.
+
+## Behavior
+
+This deprecated alias should run the same security-first pass as `$security-scan`:
+
+- antivirus or endpoint protection status
+- firewall status
+- suspicious processes
+- autoruns and persistence
+- risky permissions
+- obvious unwanted software
+
+## Rules
+
+- state that `$security-scan` is the preferred command name
+- be evidence-based and skeptical
+- do not claim a machine is clean unless the available evidence supports that
+- in Audit mode, ask before changing anything
+- in YOLO mode, proceed without repeated approval, but still avoid reckless actions
+- if confidence is limited, say so plainly
+
+## Output
+
+Report:
+
+1. protection status
+2. highest-risk findings
+3. whether deeper scanning is needed
+4. approval-required changes in Audit mode

skills/virus-scan/agents/openai.yaml

@@ -0,0 +1,4 @@
+interface:
+  display_name: "Virus Scan (Deprecated)"
+  short_description: "Deprecated compatibility alias for security-scan"
+  default_prompt: "Use $virus-scan as a deprecated compatibility alias for $security-scan. Ask for Audit mode or YOLO mode first, then perform the same security-first audit as $security-scan and clearly note that $security-scan is the preferred command name."