Snip Eval
=========

Status: failed
Score: 74/100
Risk: high
Decision: do_not_auto_install
Policy: block
Reason: Permission surface: secrets or environment access, shell or command execution

Install:
npx skills add edouard-claude/snip

Required checks:
- PASS Task fit: Task wording matches this skill metadata.
- PASS Install path: Install handoff is available.
- PASS Install command safety: standard package or runtime install path
- WARN Trust score: Good trust signals with a few areas worth checking before rollout.
- WARN Audit score: Needs review
- WARN Agent safety gate: Sparse or mixed signals. Useful for discovery, but not for autonomous installation.
- PASS License clarity: MIT
- FAIL Permission surface: secrets or environment access, shell or command execution

Warnings:
- Trust score: Good trust signals with a few areas worth checking before rollout.
- Audit score: Needs review
- Agent safety gate: Sparse or mixed signals. Useful for discovery, but not for autonomous installation.
- High-risk permission hints: Shell or command execution, Secrets or environment access
- Dependency or permission surface needs review
- Permission surface may require sandboxing
- Quality score needs review
- Permission surface needs review: secrets or environment access, shell or command execution
- Stars/forks activity: 331 stars, 37 forks; issue activity unavailable in current metadata
- Dependency/runtime risk: command execution surface, credential or environment access
- Permission surface: secrets or environment access, shell or command execution

Validation plan:
1. Inspect repository, README/SKILL.md, license, and recent commits before production use.
2. Install in an isolated workspace or sandbox with no production secrets available.
3. Run the smallest representative task and record files touched, commands run, network access, and outputs.
4. Compare the selected skill against at least one alternative when the eval status is review or failed.
5. Promote only after the agent reports a successful verification result and unresolved warnings are accepted.

Do not use when:
- teams that need a vendor-supported SLA
- high-compliance environments without internal security review
- No major risk signals from current metadata
- High-risk permission hints: Shell or command execution, Secrets or environment access
- Dependency or permission surface needs review
- Permission surface may require sandboxing
- Quality score needs review
- Permission surface needs review: secrets or environment access, shell or command execution

URLs:
- Skill: https://www.openagentskill.com/skills/edouard-claude-snip
- Audit: https://www.openagentskill.com/skills/edouard-claude-snip/audit
- JSON: https://www.openagentskill.com/api/agent/evals?slug=edouard-claude-snip