{
  "skills": [
    {
      "id": "skl_compliance_playbook",
      "name": "compliance-playbook",
      "plugin": "cwc-legal",
      "description": "Legal/compliance playbook for the subagentjobs.com fleet. Use when the user asks \"is it OK to republish these docs\", \"review the mirrored-docs attribution\", \"check upstream ToS\", \"license audit\", \"are our LICENSE files consistent\", \"review the monetization terms\", \"merchant of record\", \"can we send this NDA/letter/notice\", \"review before we publish this policy page\", or any question about what the fleet republishes, licenses, or sends externally. Do NOT use for drafting product copy (cwc-product-management), for deploying anything (cwc-deploy), or as a substitute for qualified legal counsel — every output here is workflow assistance, not legal advice.",
      "summary": "Legal/compliance playbook for the subagentjobs.com fleet.",
      "gated": 0,
      "source_path": "plugins/cwc-legal/skills/compliance-playbook/SKILL.md",
      "created_at": "2026-07-10 18:13:13",
      "cite_as": "https://subagentskills.com/api/skills/skl_compliance_playbook"
    },
    {
      "id": "skl_license_inventory",
      "name": "license-inventory",
      "plugin": "cwc-legal",
      "description": "READ-ONLY typed inventory of the repo's REAL license landscape, every count computed live from the tree (never hardcoded): LICENSE files across plugins/cwc-*, \"license\" fields across workers/*/package.json (a real, fleet-wide 0-of-97 gap at the 2026-07-09 baseline — flagged honestly, not papered over), top-level vendored orgs under vendors/ (governed by their own upstream licenses), and the vendored Apache-2.0 reference-only skills inside cwc-design. Emits a JSON inventory or a text report with a findings section. Use when the user asks \"license audit\", \"are our LICENSE files consistent\", \"which workers declare a license\", \"what's vendored under what license\", \"run the license inventory\", or before any relicensing/enrollment decision that needs the current license facts. Do NOT use this to interpret license compatibility or give legal opinions — it counts and flags, and every output is workflow assistance, not legal advice (compliance-playbook owns the review discipline; qualified counsel owns conclusions).",
      "summary": "READ-ONLY typed inventory of the repo's REAL license landscape, every count computed live from the tree (never hardcoded): LICENSE files across plugins/cwc-*, \"license\" fields across workers/*/package.json (a real, fleet-wide 0-of-97 gap at the 2026-07-09 baseline — flagged honestly, not papered...",
      "gated": 0,
      "source_path": "plugins/cwc-legal/skills/license-inventory/SKILL.md",
      "created_at": "2026-07-10 18:13:13",
      "cite_as": "https://subagentskills.com/api/skills/skl_license_inventory"
    },
    {
      "id": "skl_secrets_sweep",
      "name": "secrets-sweep",
      "plugin": "cwc-legal",
      "description": "READ-ONLY secrets/PII exposure sweep for cwc-legal (wave W5.2) over the operator's OWN deployed subagent*.com fleet. Defensive security audit only: derives the live host list from cloudflare.toml's [dns] table (never a hardcoded guess), issues read-only HTTP GETs against each public endpoint (`/`, `/api`, `/llms.txt`), and scans each response with a conservative offline regex detector for Anthropic/Cloudflare/AWS keys, PEM private-key headers, write-secret-env-vars WITH an assigned value, contextual bearer tokens (a long token-looking string near an authorization/bearer/token/secret keyword), and non-public emails. Emits a deterministic, fully-redacted markdown report — no full secret or the operator's own write-secrets ever appear in the report itself. No writes, no exploitation, no auth bypass, no third-party targets. Use when the user asks to \"sweep the fleet for leaked secrets\", \"check if any worker leaks ANTHROPIC_API_KEY/cfat_/PII\", \"run the secrets sweep\", \"audit our own endpoints for exposure\", or references `secrets-sweep sweep`/`scan-file`. Do NOT use this for penetration testing, auth bypass, fuzzing, or auditing any host the operator does not own — those are out of scope for this skill and for cwc-legal generally.",
      "summary": "READ-ONLY secrets/PII exposure sweep for cwc-legal (wave W5.2) over the operator's OWN deployed subagent*.com fleet.",
      "gated": 0,
      "source_path": "plugins/cwc-legal/skills/secrets-sweep/SKILL.md",
      "created_at": "2026-07-10 18:13:13",
      "cite_as": "https://subagentskills.com/api/skills/skl_secrets_sweep"
    },
    {
      "id": "skl_startup_formation",
      "name": "startup-formation",
      "plugin": "cwc-legal",
      "description": "Pre-formation legal groundwork for this AI startup: US business licensing/entity research path, trademark and branding audit across the ~50 subagent*.com domains, copyright posture for the fleet's original-vs-mirrored content, and terms review for startup-program applications (Cloudflare Workers Launchpad). Use when the user asks \"business license\", \"form the company\", \"LLC or C-corp\", \"trademark\", \"can I use the Claude/Cloudflare name\", \"copyright my content\", \"review the launchpad terms\", \"legal groundwork\", or before ANY program application is submitted. Do NOT use for reviewing what the fleet republishes day-to-day (sibling compliance-playbook skill) — and NOTHING here is legal advice; see the hard rule.",
      "summary": "Pre-formation legal groundwork for this AI startup: US business licensing/entity research path, trademark and branding audit across the ~50 subagent*.com domains, copyright posture for the fleet's original-vs-mirrored content, and terms review for startup-program applications (Cloudflare Workers...",
      "gated": 0,
      "source_path": "plugins/cwc-legal/skills/startup-formation/SKILL.md",
      "created_at": "2026-07-10 18:13:13",
      "cite_as": "https://subagentskills.com/api/skills/skl_startup_formation"
    }
  ]
}