{"eval":{"version":"openagentskill-skill-eval-v1","slug":"rassec-yandi-scanner","name":"Yandi Scanner","generated_at":"2026-07-03T23:05:01.175Z","task_input":"Evaluate Yandi Scanner before installing it in an AI agent workflow","status":"failed","score":57,"risk_level":"high","decision":{"recommendation":"do_not_auto_install","reason":"Audit score: Risky","auto_install_allowed":false,"policy":"block","human_review_required":true},"task_fit":{"score":94,"suited_tasks":["Security and compliance workflows","Claude Code teams","builders willing to evaluate younger projects","Inspect risky files","Prioritize findings","Explain remediation steps","Inspect source files","Explain architecture"],"suited_agents":["Python","Security","Codex","Claude Code","Cursor","OpenAgentSkill CLI","CLI"]},"install":{"command":"npx skills add RASSec/yandi-scanner","ready":true,"policy":"block","safety_label":"Avoid automatic install","targets":[{"id":"openagentskill-cli","label":"CLI","kind":"command","value":"npx skills add RASSec/yandi-scanner"},{"id":"codex","label":"Codex","kind":"agent-prompt","value":"Install the \"Yandi Scanner\" agent skill from https://github.com/RASSec/yandi-scanner. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Network Security Vulnerability Scanner"},{"id":"claude-code","label":"Claude Code","kind":"agent-prompt","value":"Add \"Yandi Scanner\" as a Claude Code skill from https://github.com/RASSec/yandi-scanner. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Network Security Vulnerability Scanner"},{"id":"cursor","label":"Cursor","kind":"agent-prompt","value":"Turn \"Yandi Scanner\" from https://github.com/RASSec/yandi-scanner into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Network Security Vulnerability Scanner"}]},"trust":{"score":66,"label":"Manual review","version":"trust-score-v4","evidence":{"stars":"116 GitHub stars","repoActivity":"116 stars, 48 forks","lastPushed":"3y since push","license":"Unknown","repository":"https://github.com/RASSec/yandi-scanner","install":"npx skills add RASSec/yandi-scanner","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access, network or browser access","documentation":"Usable metadata, review docs","agentOutcomes":"No agent outcome data yet"}},"audit":{"score":58,"risk_level":"risky","risk_label":"Risky","warnings":["License is unclear","Repository appears stale","Repository looks stale","Quality score needs review","Stars/forks activity: 116 stars, 48 forks; issue activity unavailable in current metadata","Recent maintenance: 3y since push","License clarity: Unknown"]},"safety_gate":{"score":42,"tier":"blocked","label":"Blocked for auto-install","auto_install_policy":"block","blocked":true,"permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"}],"policy_warnings":["Audit risk risky exceeds max_risk=medium","License is unclear"]},"checks":[{"id":"task_fit","label":"Task fit","status":"pass","score":94,"required_for_auto_install":true,"detail":"Task wording matches this skill metadata.","evidence":["Evaluate Yandi Scanner before installing it in an AI agent workflow","security","Security and compliance workflows; Claude Code teams; builders willing to evaluate younger projects"]},{"id":"install_path","label":"Install path","status":"pass","score":92,"required_for_auto_install":true,"detail":"Install handoff is available.","evidence":["npx skills add RASSec/yandi-scanner"]},{"id":"install_safety","label":"Install command safety","status":"pass","score":92,"required_for_auto_install":true,"detail":"standard package or runtime install path","evidence":["npx skills add RASSec/yandi-scanner"]},{"id":"trust_score","label":"Trust score","status":"warn","score":66,"required_for_auto_install":true,"detail":"Potentially useful, but at least one trust signal needs human inspection.","evidence":["Manual review","116 GitHub stars","Unknown"]},{"id":"audit_score","label":"Audit score","status":"fail","score":58,"required_for_auto_install":true,"detail":"Risky","evidence":["License is unclear"]},{"id":"agent_safety_gate","label":"Agent safety gate","status":"fail","score":42,"required_for_auto_install":true,"detail":"This skill should not be selected by an agent without explicit human security review.","evidence":["Do not auto-install. Inspect the source, dependencies, and permission surface first.","Audit risk exceeds the requested agent policy"]},{"id":"readme_skillmd_completeness","label":"README/SKILL.md completeness","status":"warn","score":74,"required_for_auto_install":false,"detail":"Public metadata needs stronger README/SKILL.md context","evidence":["Usable metadata, review docs"]},{"id":"license_clarity","label":"License clarity","status":"warn","score":42,"required_for_auto_install":true,"detail":"Unknown","evidence":["Unknown"]},{"id":"recent_maintenance","label":"Recent maintenance","status":"fail","score":22,"required_for_auto_install":false,"detail":"3y since push","evidence":["3y since push"]},{"id":"permission_surface","label":"Permission surface","status":"warn","score":72,"required_for_auto_install":true,"detail":"filesystem or document access, network or browser access","evidence":["Network access: medium","Filesystem access: medium"]},{"id":"alternatives","label":"Alternatives available","status":"pass","score":82,"required_for_auto_install":false,"detail":"Alternative skills are available for comparison.","evidence":["soxoj-maigret","projectdiscovery-nuclei","infisical-infisical","wazuh-wazuh"]}],"blockers":["Audit score: Risky","Agent safety gate: This skill should not be selected by an agent without explicit human security review."],"warnings":["Trust score: Potentially useful, but at least one trust signal needs human inspection.","README/SKILL.md completeness: Public metadata needs stronger README/SKILL.md context","License clarity: Unknown","Permission surface: filesystem or document access, network or browser access","Audit risk risky exceeds max_risk=medium","License is unclear","Repository appears stale","Repository looks stale","Quality score needs review","Stars/forks activity: 116 stars, 48 forks; issue activity unavailable in current metadata","Recent maintenance: 3y since push"],"validation_plan":["Inspect repository, README/SKILL.md, license, and recent commits before production use.","Install in an isolated workspace or sandbox with no production secrets available.","Run the smallest representative task and record files touched, commands run, network access, and outputs.","Compare the selected skill against at least one alternative when the eval status is review or failed.","Promote only after the agent reports a successful verification result and unresolved warnings are accepted."],"do_not_use_when":["teams that require actively maintained dependencies","production agents without a repository review","Repository looks stale","No OpenAgentSkill engagement data yet","Audit risk risky exceeds max_risk=medium","License is unclear","Repository appears stale","Quality score needs review"],"alternatives":[{"slug":"soxoj-maigret","name":"Maigret","url":"https://www.openagentskill.com/skills/soxoj-maigret","stars":32920,"install_command":"npx skills add soxoj/maigret","trust_score":88,"audit_score":92},{"slug":"projectdiscovery-nuclei","name":"Nuclei","url":"https://www.openagentskill.com/skills/projectdiscovery-nuclei","stars":29159,"install_command":"npx skills add projectdiscovery/nuclei","trust_score":93,"audit_score":95},{"slug":"infisical-infisical","name":"Infisical","url":"https://www.openagentskill.com/skills/infisical-infisical","stars":27445,"install_command":"npx skills add Infisical/infisical","trust_score":83,"audit_score":89},{"slug":"wazuh-wazuh","name":"Wazuh","url":"https://www.openagentskill.com/skills/wazuh-wazuh","stars":15852,"install_command":"npx skills add wazuh/wazuh","trust_score":89,"audit_score":92}],"machine_metadata":{"version":"openagentskill-agent-metadata-v2","skill":{"slug":"rassec-yandi-scanner","name":"Yandi Scanner","description":"Network Security Vulnerability Scanner","category":"security","url":"https://www.openagentskill.com/skills/rassec-yandi-scanner","repository":"https://github.com/RASSec/yandi-scanner","github_repo":"RASSec/yandi-scanner"},"suited_tasks":["Security and compliance workflows","Claude Code teams","builders willing to evaluate younger projects","Inspect risky files","Prioritize findings","Explain remediation steps","Inspect source files","Explain architecture"],"suited_agents":["Python","Security","Codex","Claude Code","Cursor","OpenAgentSkill CLI","CLI"],"install":{"command":"npx skills add RASSec/yandi-scanner","ready":true,"targets":[{"id":"openagentskill-cli","label":"CLI","kind":"command","value":"npx skills add RASSec/yandi-scanner"},{"id":"codex","label":"Codex","kind":"agent-prompt","value":"Install the \"Yandi Scanner\" agent skill from https://github.com/RASSec/yandi-scanner. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Network Security Vulnerability Scanner"},{"id":"claude-code","label":"Claude Code","kind":"agent-prompt","value":"Add \"Yandi Scanner\" as a Claude Code skill from https://github.com/RASSec/yandi-scanner. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Network Security Vulnerability Scanner"},{"id":"cursor","label":"Cursor","kind":"agent-prompt","value":"Turn \"Yandi Scanner\" from https://github.com/RASSec/yandi-scanner into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Network Security Vulnerability Scanner"}],"handoff_url":"https://www.openagentskill.com/api/skills/rassec-yandi-scanner/install","manifest_url":"https://www.openagentskill.com/api/registry/manifest/rassec-yandi-scanner"},"trust":{"score":66,"label":"Manual review","version":"trust-score-v4","install_policy":"human_review_before_install","evidence":{"stars":"116 GitHub stars","repoActivity":"116 stars, 48 forks","lastPushed":"3y since push","license":"Unknown","repository":"https://github.com/RASSec/yandi-scanner","install":"npx skills add RASSec/yandi-scanner","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access, network or browser access","documentation":"Usable metadata, review docs","agentOutcomes":"No agent outcome data yet"},"outcome_evidence":{"total":0,"successes":0,"failures":0,"not_relevant":0,"success_rate":null,"recent_success_rate":null,"recent_failure_rate":null,"install_attempts":0,"install_success_rate":null,"risk_blocked":0,"setup_required":0,"avg_output_quality":null,"production_outcomes":0,"last_outcome_at":null,"label":"No agent outcome data yet"},"auto_install":{"allowed":false,"sandbox_required":true,"reason":"Human review or sandbox validation is required before automatic installation."},"best_for":["security","scanner","brute","brute-force","security-scanner","security-tools"],"known_risks":["License is unclear","Repository looks stale","Quality score needs review","Stars/forks activity: 116 stars, 48 forks; issue activity unavailable in current metadata","Recent maintenance: 3y since push","License clarity: Unknown"]},"agent_proven":{"version":"agent-proven-v1","score":0,"tier":"unproven","label":"Needs first agent run","summary":"No agent outcome reports yet. Use Resolve, run one narrow sandbox task, then report the result.","metrics":{"totalOutcomes":0,"successfulOutcomes":0,"failedOutcomes":0,"installAttempts":0,"installSuccessRate":null,"successRate":null,"recentSuccessRate":null,"recentFailureRate":null,"riskBlocked":0,"setupRequired":0,"notRelevant":0,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"uniqueAgents":0,"lastOutcomeAt":null},"signals":[],"penalties":["No real agent outcome evidence yet"]},"audit":{"score":58,"risk_level":"risky","risk_label":"Risky","warnings":["License is unclear","Repository appears stale","Repository looks stale","Quality score needs review","Stars/forks activity: 116 stars, 48 forks; issue activity unavailable in current metadata","Recent maintenance: 3y since push","License clarity: Unknown"]},"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","auto_install_policy":"block","auto_install_allowed":false,"human_review_required":true,"blocked":true,"recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first."},"quality":{"score":42,"label":"Needs review"},"supply":{"track":"Coding and developer agents","scenario":"Coding agents","maintenance":"3y since push","risk":"Risky"},"alternative_skills":[{"slug":"soxoj-maigret","name":"Maigret","url":"https://www.openagentskill.com/skills/soxoj-maigret","stars":32920,"install_command":"npx skills add soxoj/maigret","trust_score":88,"audit_score":92},{"slug":"projectdiscovery-nuclei","name":"Nuclei","url":"https://www.openagentskill.com/skills/projectdiscovery-nuclei","stars":29159,"install_command":"npx skills add projectdiscovery/nuclei","trust_score":93,"audit_score":95},{"slug":"infisical-infisical","name":"Infisical","url":"https://www.openagentskill.com/skills/infisical-infisical","stars":27445,"install_command":"npx skills add Infisical/infisical","trust_score":83,"audit_score":89},{"slug":"wazuh-wazuh","name":"Wazuh","url":"https://www.openagentskill.com/skills/wazuh-wazuh","stars":15852,"install_command":"npx skills add wazuh/wazuh","trust_score":89,"audit_score":92}],"do_not_use_when":["teams that require actively maintained dependencies","production agents without a repository review","Repository looks stale","No OpenAgentSkill engagement data yet","Audit risk risky exceeds max_risk=medium","License is unclear","Repository appears stale","Quality score needs review"],"agent_contract":{"task_input":"Evaluate Yandi Scanner before installing it in an AI agent workflow","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","install_policy":"block","minimum_review_before_use":["Trust: 66/100 Manual review","Audit: 58/100 Risky","Safety: 42/100 Avoid automatic install","Review repository, license, install command, and permission surface before production use."],"expected_agent_output":{"selected_skill":"rassec-yandi-scanner (Yandi Scanner)","install_command":"npx skills add RASSec/yandi-scanner","risk_summary":"Risky; Blocked for auto-install; Review before production","verification_result":"Report the smallest successful task, files touched, warnings, and any missing setup."}},"outcome_feedback":{"endpoint":"https://www.openagentskill.com/api/agent/outcome","method":"POST","requires_resolve_event_id":true,"event_id_source":"Use install_receipt.outcome_feedback.event_id or feedback.event_id returned by /api/agent/resolve for the current task.","expected_outcomes":["success","failed","not_relevant","blocked_by_risk","setup_required"],"payload_template":{"event_id":"<install_receipt.outcome_feedback.event_id or feedback.event_id from /api/agent/resolve>","skill_slug":"rassec-yandi-scanner","task":"Evaluate Yandi Scanner before installing it in an AI agent workflow","agent":"codex","outcome":"success","install_used":true,"risk_blocked":false,"setup_required":false,"task_success":true,"output_quality":4,"error_type":null,"human_review_required":false,"workspace":"sandbox","time_to_useful_ms":120000,"notes":"Report the smallest successful task, setup friction, files touched, and risk notes."}},"endpoints":{"web":"https://www.openagentskill.com/skills/rassec-yandi-scanner","api":"https://www.openagentskill.com/api/agent/skills/rassec-yandi-scanner","audit":"https://www.openagentskill.com/skills/rassec-yandi-scanner/audit","eval":"https://www.openagentskill.com/api/agent/evals?slug=rassec-yandi-scanner&task=Evaluate%20Yandi%20Scanner%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&max_risk=medium","resolve":"https://www.openagentskill.com/api/agent/resolve?task=Evaluate%20Yandi%20Scanner%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium","receipt":"https://www.openagentskill.com/api/agent/receipt?task=Evaluate%20Yandi%20Scanner%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium&format=text","install":"https://www.openagentskill.com/api/skills/rassec-yandi-scanner/install","manifest":"https://www.openagentskill.com/api/registry/manifest/rassec-yandi-scanner"}},"endpoints":{"web":"https://www.openagentskill.com/skills/rassec-yandi-scanner","api":"https://www.openagentskill.com/api/agent/skills/rassec-yandi-scanner","eval":"https://www.openagentskill.com/api/agent/evals?slug=rassec-yandi-scanner","audit":"https://www.openagentskill.com/skills/rassec-yandi-scanner/audit","resolve":"https://www.openagentskill.com/api/agent/resolve?task=Evaluate%20Yandi%20Scanner%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium"}},"meta":{"endpoint":"/api/agent/evals","mode":"skill_eval","purpose":"Pre-install eval contract for a single skill. Agents should read this before installing a reusable skill.","generated_at":"2026-07-03T23:05:01.175Z"}}