{"eval":{"version":"openagentskill-skill-eval-v1","slug":"xmirrorsecurity-opensca-cli","name":"OpenSCA Cli","generated_at":"2026-07-03T21:30:18.848Z","task_input":"Evaluate OpenSCA Cli before installing it in an AI agent workflow","status":"review","score":85,"risk_level":"medium","decision":{"recommendation":"manual_review","reason":"Require human approval before installing into a real workspace.","auto_install_allowed":false,"policy":"review","human_review_required":true},"task_fit":{"score":84,"suited_tasks":["Coding agents workflows","Claude Code teams","teams that value GitHub adoption signals","Inspect source files","Explain architecture","Patch bugs and verify changes","Inspect repository metadata","Compare code changes"],"suited_agents":["Go","Static Analysis","Codex","Claude Code","Cursor","OpenAgentSkill CLI","CLI"]},"install":{"command":"npx skills add XmirrorSecurity/OpenSCA-cli","ready":true,"policy":"review","safety_label":"Review before install","targets":[{"id":"openagentskill-cli","label":"CLI","kind":"command","value":"npx skills add XmirrorSecurity/OpenSCA-cli"},{"id":"codex","label":"Codex","kind":"agent-prompt","value":"Install the \"OpenSCA Cli\" agent skill from https://github.com/XmirrorSecurity/OpenSCA-cli. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community."},{"id":"claude-code","label":"Claude Code","kind":"agent-prompt","value":"Add \"OpenSCA Cli\" as a Claude Code skill from https://github.com/XmirrorSecurity/OpenSCA-cli. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community."},{"id":"cursor","label":"Cursor","kind":"agent-prompt","value":"Turn \"OpenSCA Cli\" from https://github.com/XmirrorSecurity/OpenSCA-cli into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community."}]},"trust":{"score":87,"label":"Production candidate","version":"trust-score-v4","evidence":{"stars":"1.1K GitHub stars","repoActivity":"1.1K stars, 134 forks","lastPushed":"2mo since push","license":"Apache-2.0","repository":"https://github.com/XmirrorSecurity/OpenSCA-cli","install":"npx skills add XmirrorSecurity/OpenSCA-cli","installSafety":"standard package or runtime install path","permissionSurface":"shell or command execution","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"}},"audit":{"score":90,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":[]},"safety_gate":{"score":66,"tier":"reviewed","label":"Reviewed with permission notes","auto_install_policy":"review","blocked":false,"permission_hints":[{"id":"shell","label":"Shell or command execution","reason":"Skill metadata references terminal, CLI, shell, subprocess, or command execution workflows.","severity":"high"},{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"}],"policy_warnings":["High-risk permission hints: Shell or command execution"]},"checks":[{"id":"task_fit","label":"Task fit","status":"pass","score":84,"required_for_auto_install":true,"detail":"Task wording matches this skill metadata.","evidence":["Evaluate OpenSCA Cli before installing it in an AI agent workflow","development","Coding agents workflows; Claude Code teams; teams that value GitHub adoption signals"]},{"id":"install_path","label":"Install path","status":"pass","score":92,"required_for_auto_install":true,"detail":"Install handoff is available.","evidence":["npx skills add XmirrorSecurity/OpenSCA-cli"]},{"id":"install_safety","label":"Install command safety","status":"pass","score":92,"required_for_auto_install":true,"detail":"standard package or runtime install path","evidence":["npx skills add XmirrorSecurity/OpenSCA-cli"]},{"id":"trust_score","label":"Trust score","status":"pass","score":87,"required_for_auto_install":true,"detail":"Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability.","evidence":["Production candidate","1.1K GitHub stars","Apache-2.0"]},{"id":"audit_score","label":"Audit score","status":"pass","score":90,"required_for_auto_install":true,"detail":"Safe to try","evidence":["No major audit warning from metadata."]},{"id":"agent_safety_gate","label":"Agent safety gate","status":"warn","score":66,"required_for_auto_install":true,"detail":"Usable candidate, but the agent should surface permission and audit notes before installation.","evidence":["Require human approval before installing into a real workspace.","High-risk permission hints: Shell or command execution"]},{"id":"readme_skillmd_completeness","label":"README/SKILL.md completeness","status":"pass","score":90,"required_for_auto_install":false,"detail":"Metadata includes enough usage and workflow context","evidence":["Strong README/SKILL.md context"]},{"id":"license_clarity","label":"License clarity","status":"pass","score":86,"required_for_auto_install":true,"detail":"Apache-2.0","evidence":["Apache-2.0"]},{"id":"recent_maintenance","label":"Recent maintenance","status":"pass","score":88,"required_for_auto_install":false,"detail":"2mo since push","evidence":["2mo since push"]},{"id":"permission_surface","label":"Permission surface","status":"warn","score":76,"required_for_auto_install":true,"detail":"shell or command execution","evidence":["Shell or command execution: high","Network access: medium"]},{"id":"alternatives","label":"Alternatives available","status":"pass","score":82,"required_for_auto_install":false,"detail":"Alternative skills are available for comparison.","evidence":["google-gemini-gemini-cli","x1xhlol-system-prompts-and-models-of-ai-tools","juliusbrussee-caveman","sickn33-antigravity-awesome-skills"]}],"blockers":[],"warnings":["Agent safety gate: Usable candidate, but the agent should surface permission and audit notes before installation.","Permission surface: shell or command execution","High-risk permission hints: Shell or command execution"],"validation_plan":["Inspect repository, README/SKILL.md, license, and recent commits before production use.","Install in an isolated workspace or sandbox with no production secrets available.","Run the smallest representative task and record files touched, commands run, network access, and outputs.","Compare the selected skill against at least one alternative when the eval status is review or failed.","Promote only after the agent reports a successful verification result and unresolved warnings are accepted."],"do_not_use_when":["teams that need a vendor-supported SLA","high-compliance environments without internal security review","No major risk signals from current metadata","High-risk permission hints: Shell or command execution","No major trust warnings detected from available metadata","Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"alternatives":[{"slug":"google-gemini-gemini-cli","name":"Gemini CLI","url":"https://www.openagentskill.com/skills/google-gemini-gemini-cli","stars":105720,"install_command":"npx skills add google-gemini/gemini-cli","trust_score":83,"audit_score":89},{"slug":"x1xhlol-system-prompts-and-models-of-ai-tools","name":"System Prompts And Models Of AI Tools","url":"https://www.openagentskill.com/skills/x1xhlol-system-prompts-and-models-of-ai-tools","stars":141169,"install_command":"npx skills add x1xhlol/system-prompts-and-models-of-ai-tools","trust_score":94,"audit_score":96},{"slug":"juliusbrussee-caveman","name":"Caveman","url":"https://www.openagentskill.com/skills/juliusbrussee-caveman","stars":82799,"install_command":"npx skills add JuliusBrussee/caveman","trust_score":90,"audit_score":93},{"slug":"sickn33-antigravity-awesome-skills","name":"Antigravity Awesome Skills","url":"https://www.openagentskill.com/skills/sickn33-antigravity-awesome-skills","stars":42248,"install_command":"npx skills add sickn33/antigravity-awesome-skills","trust_score":88,"audit_score":91}],"machine_metadata":{"version":"openagentskill-agent-metadata-v2","skill":{"slug":"xmirrorsecurity-opensca-cli","name":"OpenSCA Cli","description":"OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community. ","category":"development","url":"https://www.openagentskill.com/skills/xmirrorsecurity-opensca-cli","repository":"https://github.com/XmirrorSecurity/OpenSCA-cli","github_repo":"XmirrorSecurity/OpenSCA-cli"},"suited_tasks":["Coding agents workflows","Claude Code teams","teams that value GitHub adoption signals","Inspect source files","Explain architecture","Patch bugs and verify changes","Inspect repository metadata","Compare code changes"],"suited_agents":["Go","Static Analysis","Codex","Claude Code","Cursor","OpenAgentSkill CLI","CLI"],"install":{"command":"npx skills add XmirrorSecurity/OpenSCA-cli","ready":true,"targets":[{"id":"openagentskill-cli","label":"CLI","kind":"command","value":"npx skills add XmirrorSecurity/OpenSCA-cli"},{"id":"codex","label":"Codex","kind":"agent-prompt","value":"Install the \"OpenSCA Cli\" agent skill from https://github.com/XmirrorSecurity/OpenSCA-cli. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community."},{"id":"claude-code","label":"Claude Code","kind":"agent-prompt","value":"Add \"OpenSCA Cli\" as a Claude Code skill from https://github.com/XmirrorSecurity/OpenSCA-cli. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community."},{"id":"cursor","label":"Cursor","kind":"agent-prompt","value":"Turn \"OpenSCA Cli\" from https://github.com/XmirrorSecurity/OpenSCA-cli into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community."}],"handoff_url":"https://www.openagentskill.com/api/skills/xmirrorsecurity-opensca-cli/install","manifest_url":"https://www.openagentskill.com/api/registry/manifest/xmirrorsecurity-opensca-cli"},"trust":{"score":87,"label":"Production candidate","version":"trust-score-v4","install_policy":"agent_install_candidate","evidence":{"stars":"1.1K GitHub stars","repoActivity":"1.1K stars, 134 forks","lastPushed":"2mo since push","license":"Apache-2.0","repository":"https://github.com/XmirrorSecurity/OpenSCA-cli","install":"npx skills add XmirrorSecurity/OpenSCA-cli","installSafety":"standard package or runtime install path","permissionSurface":"shell or command execution","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"},"outcome_evidence":{"total":0,"successes":0,"failures":0,"not_relevant":0,"success_rate":null,"recent_success_rate":null,"recent_failure_rate":null,"install_attempts":0,"install_success_rate":null,"risk_blocked":0,"setup_required":0,"avg_output_quality":null,"production_outcomes":0,"last_outcome_at":null,"label":"No agent outcome data yet"},"auto_install":{"allowed":true,"sandbox_required":true,"reason":"Trust Score v4 allows sandbox-first agent installation after normal workspace review."},"best_for":["development","static-analysis","code-quality","cyclonedx","devsecops","license-compliance"],"known_risks":[]},"agent_proven":{"version":"agent-proven-v1","score":0,"tier":"unproven","label":"Needs first agent run","summary":"No agent outcome reports yet. Use Resolve, run one narrow sandbox task, then report the result.","metrics":{"totalOutcomes":0,"successfulOutcomes":0,"failedOutcomes":0,"installAttempts":0,"installSuccessRate":null,"successRate":null,"recentSuccessRate":null,"recentFailureRate":null,"riskBlocked":0,"setupRequired":0,"notRelevant":0,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"uniqueAgents":0,"lastOutcomeAt":null},"signals":[],"penalties":["No real agent outcome evidence yet"]},"audit":{"score":90,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":[]},"safety_gate":{"tier":"reviewed","label":"Reviewed with permission notes","auto_install_policy":"review","auto_install_allowed":false,"human_review_required":true,"blocked":false,"recommended_action":"Require human approval before installing into a real workspace."},"quality":{"score":96,"label":"Excellent"},"supply":{"track":"Coding and developer agents","scenario":"Coding agents","maintenance":"2mo since push","risk":"Safe to try"},"alternative_skills":[{"slug":"google-gemini-gemini-cli","name":"Gemini CLI","url":"https://www.openagentskill.com/skills/google-gemini-gemini-cli","stars":105720,"install_command":"npx skills add google-gemini/gemini-cli","trust_score":83,"audit_score":89},{"slug":"x1xhlol-system-prompts-and-models-of-ai-tools","name":"System Prompts And Models Of AI Tools","url":"https://www.openagentskill.com/skills/x1xhlol-system-prompts-and-models-of-ai-tools","stars":141169,"install_command":"npx skills add x1xhlol/system-prompts-and-models-of-ai-tools","trust_score":94,"audit_score":96},{"slug":"juliusbrussee-caveman","name":"Caveman","url":"https://www.openagentskill.com/skills/juliusbrussee-caveman","stars":82799,"install_command":"npx skills add JuliusBrussee/caveman","trust_score":90,"audit_score":93},{"slug":"sickn33-antigravity-awesome-skills","name":"Antigravity Awesome Skills","url":"https://www.openagentskill.com/skills/sickn33-antigravity-awesome-skills","stars":42248,"install_command":"npx skills add sickn33/antigravity-awesome-skills","trust_score":88,"audit_score":91}],"do_not_use_when":["teams that need a vendor-supported SLA","high-compliance environments without internal security review","No major risk signals from current metadata","High-risk permission hints: Shell or command execution","No major trust warnings detected from available metadata","Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"agent_contract":{"task_input":"Evaluate OpenSCA Cli before installing it in an AI agent workflow","recommended_action":"Require human approval before installing into a real workspace.","install_policy":"review","minimum_review_before_use":["Trust: 87/100 Production candidate","Audit: 90/100 Safe to try","Safety: 66/100 Review before install","Review repository, license, install command, and permission surface before production use."],"expected_agent_output":{"selected_skill":"xmirrorsecurity-opensca-cli (OpenSCA Cli)","install_command":"npx skills add XmirrorSecurity/OpenSCA-cli","risk_summary":"Safe to try; Reviewed with permission notes; Low metadata risk","verification_result":"Report the smallest successful task, files touched, warnings, and any missing setup."}},"outcome_feedback":{"endpoint":"https://www.openagentskill.com/api/agent/outcome","method":"POST","requires_resolve_event_id":true,"event_id_source":"Use install_receipt.outcome_feedback.event_id or feedback.event_id returned by /api/agent/resolve for the current task.","expected_outcomes":["success","failed","not_relevant","blocked_by_risk","setup_required"],"payload_template":{"event_id":"<install_receipt.outcome_feedback.event_id or feedback.event_id from /api/agent/resolve>","skill_slug":"xmirrorsecurity-opensca-cli","task":"Evaluate OpenSCA Cli before installing it in an AI agent workflow","agent":"codex","outcome":"success","install_used":true,"risk_blocked":false,"setup_required":false,"task_success":true,"output_quality":4,"error_type":null,"human_review_required":false,"workspace":"sandbox","time_to_useful_ms":120000,"notes":"Report the smallest successful task, setup friction, files touched, and risk notes."}},"endpoints":{"web":"https://www.openagentskill.com/skills/xmirrorsecurity-opensca-cli","api":"https://www.openagentskill.com/api/agent/skills/xmirrorsecurity-opensca-cli","audit":"https://www.openagentskill.com/skills/xmirrorsecurity-opensca-cli/audit","eval":"https://www.openagentskill.com/api/agent/evals?slug=xmirrorsecurity-opensca-cli&task=Evaluate%20OpenSCA%20Cli%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&max_risk=medium","resolve":"https://www.openagentskill.com/api/agent/resolve?task=Evaluate%20OpenSCA%20Cli%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium","receipt":"https://www.openagentskill.com/api/agent/receipt?task=Evaluate%20OpenSCA%20Cli%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium&format=text","install":"https://www.openagentskill.com/api/skills/xmirrorsecurity-opensca-cli/install","manifest":"https://www.openagentskill.com/api/registry/manifest/xmirrorsecurity-opensca-cli"}},"endpoints":{"web":"https://www.openagentskill.com/skills/xmirrorsecurity-opensca-cli","api":"https://www.openagentskill.com/api/agent/skills/xmirrorsecurity-opensca-cli","eval":"https://www.openagentskill.com/api/agent/evals?slug=xmirrorsecurity-opensca-cli","audit":"https://www.openagentskill.com/skills/xmirrorsecurity-opensca-cli/audit","resolve":"https://www.openagentskill.com/api/agent/resolve?task=Evaluate%20OpenSCA%20Cli%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium"}},"meta":{"endpoint":"/api/agent/evals","mode":"skill_eval","purpose":"Pre-install eval contract for a single skill. Agents should read this before installing a reusable skill.","generated_at":"2026-07-03T21:30:18.848Z"}}