{"eval":{"version":"openagentskill-skill-eval-v1","slug":"hackmanit-web-cache-vulnerability-scanner","name":"Web Cache Vulnerability Scanner","generated_at":"2026-07-03T22:43:46.043Z","task_input":"Evaluate Web Cache Vulnerability Scanner before installing it in an AI agent workflow","status":"failed","score":81,"risk_level":"high","decision":{"recommendation":"do_not_auto_install","reason":"Permission surface: shell or command execution, filesystem or document access","auto_install_allowed":false,"policy":"block","human_review_required":true},"task_fit":{"score":94,"suited_tasks":["Security and compliance workflows","Claude Code teams","teams that value GitHub adoption signals","Inspect risky files","Prioritize findings","Explain remediation steps","Inspect source files","Explain architecture"],"suited_agents":["Go","Security","Codex","Claude Code","Cursor","OpenAgentSkill CLI","CLI"]},"install":{"command":"npx skills add Hackmanit/Web-Cache-Vulnerability-Scanner","ready":true,"policy":"review","safety_label":"Review before install","targets":[{"id":"openagentskill-cli","label":"CLI","kind":"command","value":"npx skills add Hackmanit/Web-Cache-Vulnerability-Scanner"},{"id":"codex","label":"Codex","kind":"agent-prompt","value":"Install the \"Web Cache Vulnerability Scanner\" agent skill from https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/)."},{"id":"claude-code","label":"Claude Code","kind":"agent-prompt","value":"Add \"Web Cache Vulnerability Scanner\" as a Claude Code skill from https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/)."},{"id":"cursor","label":"Cursor","kind":"agent-prompt","value":"Turn \"Web Cache Vulnerability Scanner\" from https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/)."}]},"trust":{"score":83,"label":"Strong shortlist","version":"trust-score-v4","evidence":{"stars":"1.2K GitHub stars","repoActivity":"1.2K stars, 159 forks","lastPushed":"5mo since push","license":"Apache-2.0","repository":"https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner","install":"npx skills add Hackmanit/Web-Cache-Vulnerability-Scanner","installSafety":"standard package or runtime install path","permissionSurface":"shell or command execution, filesystem or document access","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"}},"audit":{"score":85,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":["Permission surface may require sandboxing","Permission surface needs review: shell or command execution, filesystem or document access","Permission surface: shell or command execution, filesystem or document access"]},"safety_gate":{"score":57,"tier":"experimental","label":"Experimental","auto_install_policy":"review","blocked":false,"permission_hints":[{"id":"shell","label":"Shell or command execution","reason":"Skill metadata references terminal, CLI, shell, subprocess, or command execution workflows.","severity":"high"},{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"}],"policy_warnings":["High-risk permission hints: Shell or command execution","Permission surface may require sandboxing"]},"checks":[{"id":"task_fit","label":"Task fit","status":"pass","score":94,"required_for_auto_install":true,"detail":"Task wording matches this skill metadata.","evidence":["Evaluate Web Cache Vulnerability Scanner before installing it in an AI agent workflow","security","Security and compliance workflows; Claude Code teams; teams that value GitHub adoption signals"]},{"id":"install_path","label":"Install path","status":"pass","score":92,"required_for_auto_install":true,"detail":"Install handoff is available.","evidence":["npx skills add Hackmanit/Web-Cache-Vulnerability-Scanner"]},{"id":"install_safety","label":"Install command safety","status":"pass","score":92,"required_for_auto_install":true,"detail":"standard package or runtime install path","evidence":["npx skills add Hackmanit/Web-Cache-Vulnerability-Scanner"]},{"id":"trust_score","label":"Trust score","status":"pass","score":83,"required_for_auto_install":true,"detail":"Good trust signals with a few areas worth checking before rollout.","evidence":["Strong shortlist","1.2K GitHub stars","Apache-2.0"]},{"id":"audit_score","label":"Audit score","status":"pass","score":85,"required_for_auto_install":true,"detail":"Safe to try","evidence":["Permission surface may require sandboxing"]},{"id":"agent_safety_gate","label":"Agent safety gate","status":"warn","score":57,"required_for_auto_install":true,"detail":"Sparse or mixed signals. Useful for discovery, but not for autonomous installation.","evidence":["Test manually in an isolated workspace and compare against safer alternatives.","High-risk permission hints: Shell or command execution"]},{"id":"readme_skillmd_completeness","label":"README/SKILL.md completeness","status":"pass","score":90,"required_for_auto_install":false,"detail":"Metadata includes enough usage and workflow context","evidence":["Strong README/SKILL.md context"]},{"id":"license_clarity","label":"License clarity","status":"pass","score":86,"required_for_auto_install":true,"detail":"Apache-2.0","evidence":["Apache-2.0"]},{"id":"recent_maintenance","label":"Recent maintenance","status":"warn","score":76,"required_for_auto_install":false,"detail":"5mo since push","evidence":["5mo since push"]},{"id":"permission_surface","label":"Permission surface","status":"fail","score":48,"required_for_auto_install":true,"detail":"shell or command execution, filesystem or document access","evidence":["Shell or command execution: high","Network access: medium","Filesystem access: medium"]},{"id":"alternatives","label":"Alternatives available","status":"pass","score":82,"required_for_auto_install":false,"detail":"Alternative skills are available for comparison.","evidence":["soxoj-maigret","projectdiscovery-nuclei","infisical-infisical","wazuh-wazuh"]}],"blockers":["Permission surface: shell or command execution, filesystem or document access"],"warnings":["Agent safety gate: Sparse or mixed signals. Useful for discovery, but not for autonomous installation.","Recent maintenance: 5mo since push","High-risk permission hints: Shell or command execution","Permission surface may require sandboxing","Permission surface needs review: shell or command execution, filesystem or document access","Permission surface: shell or command execution, filesystem or document access"],"validation_plan":["Inspect repository, README/SKILL.md, license, and recent commits before production use.","Install in an isolated workspace or sandbox with no production secrets available.","Run the smallest representative task and record files touched, commands run, network access, and outputs.","Compare the selected skill against at least one alternative when the eval status is review or failed.","Promote only after the agent reports a successful verification result and unresolved warnings are accepted."],"do_not_use_when":["teams that need a vendor-supported SLA","high-compliance environments without internal security review","No major risk signals from current metadata","High-risk permission hints: Shell or command execution","Permission surface may require sandboxing","Permission surface needs review: shell or command execution, filesystem or document access","Permission surface: shell or command execution, filesystem or document access","Production credentials, payments, or irreversible account changes without explicit human review"],"alternatives":[{"slug":"soxoj-maigret","name":"Maigret","url":"https://www.openagentskill.com/skills/soxoj-maigret","stars":32920,"install_command":"npx skills add soxoj/maigret","trust_score":88,"audit_score":92},{"slug":"projectdiscovery-nuclei","name":"Nuclei","url":"https://www.openagentskill.com/skills/projectdiscovery-nuclei","stars":29159,"install_command":"npx skills add projectdiscovery/nuclei","trust_score":93,"audit_score":95},{"slug":"infisical-infisical","name":"Infisical","url":"https://www.openagentskill.com/skills/infisical-infisical","stars":27445,"install_command":"npx skills add Infisical/infisical","trust_score":83,"audit_score":89},{"slug":"wazuh-wazuh","name":"Wazuh","url":"https://www.openagentskill.com/skills/wazuh-wazuh","stars":15852,"install_command":"npx skills add wazuh/wazuh","trust_score":89,"audit_score":92}],"machine_metadata":{"version":"openagentskill-agent-metadata-v2","skill":{"slug":"hackmanit-web-cache-vulnerability-scanner","name":"Web Cache Vulnerability Scanner","description":"Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).","category":"security","url":"https://www.openagentskill.com/skills/hackmanit-web-cache-vulnerability-scanner","repository":"https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner","github_repo":"Hackmanit/Web-Cache-Vulnerability-Scanner"},"suited_tasks":["Security and compliance workflows","Claude Code teams","teams that value GitHub adoption signals","Inspect risky files","Prioritize findings","Explain remediation steps","Inspect source files","Explain architecture"],"suited_agents":["Go","Security","Codex","Claude Code","Cursor","OpenAgentSkill CLI","CLI"],"install":{"command":"npx skills add Hackmanit/Web-Cache-Vulnerability-Scanner","ready":true,"targets":[{"id":"openagentskill-cli","label":"CLI","kind":"command","value":"npx skills add Hackmanit/Web-Cache-Vulnerability-Scanner"},{"id":"codex","label":"Codex","kind":"agent-prompt","value":"Install the \"Web Cache Vulnerability Scanner\" agent skill from https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/)."},{"id":"claude-code","label":"Claude Code","kind":"agent-prompt","value":"Add \"Web Cache Vulnerability Scanner\" as a Claude Code skill from https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/)."},{"id":"cursor","label":"Cursor","kind":"agent-prompt","value":"Turn \"Web Cache Vulnerability Scanner\" from https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/)."}],"handoff_url":"https://www.openagentskill.com/api/skills/hackmanit-web-cache-vulnerability-scanner/install","manifest_url":"https://www.openagentskill.com/api/registry/manifest/hackmanit-web-cache-vulnerability-scanner"},"trust":{"score":83,"label":"Strong shortlist","version":"trust-score-v4","install_policy":"human_review_before_install","evidence":{"stars":"1.2K GitHub stars","repoActivity":"1.2K stars, 159 forks","lastPushed":"5mo since push","license":"Apache-2.0","repository":"https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner","install":"npx skills add Hackmanit/Web-Cache-Vulnerability-Scanner","installSafety":"standard package or runtime install path","permissionSurface":"shell or command execution, filesystem or document access","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"},"outcome_evidence":{"total":0,"successes":0,"failures":0,"not_relevant":0,"success_rate":null,"recent_success_rate":null,"recent_failure_rate":null,"install_attempts":0,"install_success_rate":null,"risk_blocked":0,"setup_required":0,"avg_output_quality":null,"production_outcomes":0,"last_outcome_at":null,"label":"No agent outcome data yet"},"auto_install":{"allowed":false,"sandbox_required":true,"reason":"Human review or sandbox validation is required before automatic installation."},"best_for":["security","scanner","bugbounty","hacking","hacking-tool","penetration-testing"],"known_risks":["Permission surface needs review: shell or command execution, filesystem or document access","Permission surface: shell or command execution, filesystem or document access"]},"agent_proven":{"version":"agent-proven-v1","score":0,"tier":"unproven","label":"Needs first agent run","summary":"No agent outcome reports yet. Use Resolve, run one narrow sandbox task, then report the result.","metrics":{"totalOutcomes":0,"successfulOutcomes":0,"failedOutcomes":0,"installAttempts":0,"installSuccessRate":null,"successRate":null,"recentSuccessRate":null,"recentFailureRate":null,"riskBlocked":0,"setupRequired":0,"notRelevant":0,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"uniqueAgents":0,"lastOutcomeAt":null},"signals":[],"penalties":["No real agent outcome evidence yet"]},"audit":{"score":85,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":["Permission surface may require sandboxing","Permission surface needs review: shell or command execution, filesystem or document access","Permission surface: shell or command execution, filesystem or document access"]},"safety_gate":{"tier":"experimental","label":"Experimental","auto_install_policy":"review","auto_install_allowed":false,"human_review_required":true,"blocked":false,"recommended_action":"Test manually in an isolated workspace and compare against safer alternatives."},"quality":{"score":92,"label":"Excellent"},"supply":{"track":"Coding and developer agents","scenario":"Coding agents","maintenance":"5mo since push","risk":"Safe to try"},"alternative_skills":[{"slug":"soxoj-maigret","name":"Maigret","url":"https://www.openagentskill.com/skills/soxoj-maigret","stars":32920,"install_command":"npx skills add soxoj/maigret","trust_score":88,"audit_score":92},{"slug":"projectdiscovery-nuclei","name":"Nuclei","url":"https://www.openagentskill.com/skills/projectdiscovery-nuclei","stars":29159,"install_command":"npx skills add projectdiscovery/nuclei","trust_score":93,"audit_score":95},{"slug":"infisical-infisical","name":"Infisical","url":"https://www.openagentskill.com/skills/infisical-infisical","stars":27445,"install_command":"npx skills add Infisical/infisical","trust_score":83,"audit_score":89},{"slug":"wazuh-wazuh","name":"Wazuh","url":"https://www.openagentskill.com/skills/wazuh-wazuh","stars":15852,"install_command":"npx skills add wazuh/wazuh","trust_score":89,"audit_score":92}],"do_not_use_when":["teams that need a vendor-supported SLA","high-compliance environments without internal security review","No major risk signals from current metadata","High-risk permission hints: Shell or command execution","Permission surface may require sandboxing","Permission surface needs review: shell or command execution, filesystem or document access","Permission surface: shell or command execution, filesystem or document access","Production credentials, payments, or irreversible account changes without explicit human review"],"agent_contract":{"task_input":"Evaluate Web Cache Vulnerability Scanner before installing it in an AI agent workflow","recommended_action":"Test manually in an isolated workspace and compare against safer alternatives.","install_policy":"review","minimum_review_before_use":["Trust: 83/100 Strong shortlist","Audit: 85/100 Safe to try","Safety: 57/100 Review before install","Review repository, license, install command, and permission surface before production use."],"expected_agent_output":{"selected_skill":"hackmanit-web-cache-vulnerability-scanner (Web Cache Vulnerability Scanner)","install_command":"npx skills add Hackmanit/Web-Cache-Vulnerability-Scanner","risk_summary":"Safe to try; Experimental; Review before production","verification_result":"Report the smallest successful task, files touched, warnings, and any missing setup."}},"outcome_feedback":{"endpoint":"https://www.openagentskill.com/api/agent/outcome","method":"POST","requires_resolve_event_id":true,"event_id_source":"Use install_receipt.outcome_feedback.event_id or feedback.event_id returned by /api/agent/resolve for the current task.","expected_outcomes":["success","failed","not_relevant","blocked_by_risk","setup_required"],"payload_template":{"event_id":"<install_receipt.outcome_feedback.event_id or feedback.event_id from /api/agent/resolve>","skill_slug":"hackmanit-web-cache-vulnerability-scanner","task":"Evaluate Web Cache Vulnerability Scanner before installing it in an AI agent workflow","agent":"codex","outcome":"success","install_used":true,"risk_blocked":false,"setup_required":false,"task_success":true,"output_quality":4,"error_type":null,"human_review_required":false,"workspace":"sandbox","time_to_useful_ms":120000,"notes":"Report the smallest successful task, setup friction, files touched, and risk notes."}},"endpoints":{"web":"https://www.openagentskill.com/skills/hackmanit-web-cache-vulnerability-scanner","api":"https://www.openagentskill.com/api/agent/skills/hackmanit-web-cache-vulnerability-scanner","audit":"https://www.openagentskill.com/skills/hackmanit-web-cache-vulnerability-scanner/audit","eval":"https://www.openagentskill.com/api/agent/evals?slug=hackmanit-web-cache-vulnerability-scanner&task=Evaluate%20Web%20Cache%20Vulnerability%20Scanner%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&max_risk=medium","resolve":"https://www.openagentskill.com/api/agent/resolve?task=Evaluate%20Web%20Cache%20Vulnerability%20Scanner%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium","receipt":"https://www.openagentskill.com/api/agent/receipt?task=Evaluate%20Web%20Cache%20Vulnerability%20Scanner%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium&format=text","install":"https://www.openagentskill.com/api/skills/hackmanit-web-cache-vulnerability-scanner/install","manifest":"https://www.openagentskill.com/api/registry/manifest/hackmanit-web-cache-vulnerability-scanner"}},"endpoints":{"web":"https://www.openagentskill.com/skills/hackmanit-web-cache-vulnerability-scanner","api":"https://www.openagentskill.com/api/agent/skills/hackmanit-web-cache-vulnerability-scanner","eval":"https://www.openagentskill.com/api/agent/evals?slug=hackmanit-web-cache-vulnerability-scanner","audit":"https://www.openagentskill.com/skills/hackmanit-web-cache-vulnerability-scanner/audit","resolve":"https://www.openagentskill.com/api/agent/resolve?task=Evaluate%20Web%20Cache%20Vulnerability%20Scanner%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium"}},"meta":{"endpoint":"/api/agent/evals","mode":"skill_eval","purpose":"Pre-install eval contract for a single skill. Agents should read this before installing a reusable skill.","generated_at":"2026-07-03T22:43:46.043Z"}}