Signing a skill proves it left your hands intact. But a signature no one checks is a statement no one reads. The missing half is verification at install time — specifically, on the PR that brings a skill into your codebase. This is what @agentlair/spa-verifier 0.2.0 adds: a GitHub Actions workflow that blocks unsigned or tampered skills before they merge.

Why signing alone isn't enough

The supply chain attack window doesn't open at publish time. It opens between publish and install: registry tampering, dependency confusion, a compromised mirror. By the time the skill reaches your agent loop, the signature is history. The only enforcement point that matters is the moment before it lands in your repo. That's a PR check.…