{"slug":"aquasecurity-trivy-operator","name":"Trivy Operator","description":"Kubernetes-native security toolkit","long_description":"Kubernetes-native security toolkit\n\nImported by the skill-only GitHub discovery pipeline because it matches agent skill, automation, domain workflow, RAG, document-processing, data, finance, security, or developer-tool signals. Protocol-server projects are excluded from automated imports.","tagline":"Kubernetes-native security toolkit","category":"devops","tags":["kubernetes","devops","cloud-native","golang","misconfiguration","octoberfest","operator","security","security-tools","vulnerability-detection"],"author":"aquasecurity","verified":true,"attribution":{"status":"community_indexed","statusLabel":"Community indexed","shortLabel":"COMMUNITY INDEXED","sourceLabel":"GitHub star discovery","sourceDetail":"aquasecurity/trivy-operator","creatorName":"aquasecurity","creatorUrl":"https://github.com/aquasecurity","sourceUrl":"https://github.com/aquasecurity/trivy-operator","indexedBy":"OpenAgentSkill community index","claimUrl":"https://www.openagentskill.com/skills/aquasecurity-trivy-operator#claim-this-skill","claimCta":"Claim this skill","trustNote":"This listing was indexed from public sources and is not marked official until a maintainer claim is approved.","publicNote":"Attribution links to the public repository or creator profile. Creators can claim the listing to update ownership signals."},"stats":{"stars":1889,"forks":274,"downloads":0,"rating":0,"review_count":0,"quality_score":64.64},"quality":{"score":100,"tier":"excellent","label":"Excellent","summary":"High-confidence pick with strong adoption and healthy maintenance signals.","signals":[{"label":"GitHub stars","value":"1.9K","tone":"positive"},{"label":"Freshness","value":"17d ago","tone":"positive"},{"label":"Install ready","value":"Yes","tone":"positive"},{"label":"License","value":"Apache-2.0","tone":"neutral"}],"warnings":[]},"trust":{"version":"trust-score-v5","score":86,"base_score":89,"outcome_confidence":0,"tier":"strong","label":"Review then install","summary":"Good shortlist signal, but the agent should review audit notes, install policy, and outcome evidence before running it.","recommendedAction":"Use as the primary candidate after human or sandbox review.","decision":{"install_policy":"agent_install_candidate","auto_install_allowed":false,"human_review_required":true,"sandbox_first":true,"agent_action":"Ask for approval or run a sandbox-only trial before installing.","reasoning":["86/100 Trust Score v5","89/100 Trust Score v4 baseline","Needs more real agent outcomes before unattended install","Install path is available","Low metadata risk"],"review_required_when":["The workspace contains production secrets, payments, private customer data, or irreversible actions.","The install command requests shell, network, credential, database, or broad filesystem access.","Outcome evidence is missing, recently failed, or required human review.","Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"]},"dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":86,"weight":0.13,"status":"pass","detail":"1.9K GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":83,"weight":0.08,"status":"pass","detail":"1.9K stars, 274 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":100,"weight":0.14,"status":"pass","detail":"17d since push"},{"id":"license","label":"License clarity","score":86,"weight":0.09,"status":"pass","detail":"Apache-2.0"},{"id":"documentation","label":"README/SKILL.md completeness","score":74,"weight":0.14,"status":"info","detail":"Public metadata needs stronger README/SKILL.md context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":90,"weight":0.12,"status":"pass","detail":"no major dependency risk hints in public metadata"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add aquasecurity/trivy-operator"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":86,"weight":0.07,"status":"pass","detail":"filesystem or document access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/aquasecurity/trivy-operator"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"},{"id":"agent_outcomes","label":"Agent Proven outcomes","score":54,"weight":0.13,"status":"info","detail":"No agent outcome data yet"}],"checks":[{"status":"pass","label":"GitHub adoption","detail":"1.9K GitHub stars"},{"status":"pass","label":"Stars/forks activity","detail":"1.9K stars, 274 forks; issue activity unavailable in current metadata"},{"status":"pass","label":"Recent maintenance","detail":"17d since push"},{"status":"pass","label":"License clarity","detail":"Apache-2.0"},{"status":"info","label":"README/SKILL.md completeness","detail":"Public metadata needs stronger README/SKILL.md context"},{"status":"pass","label":"Dependency/runtime risk","detail":"no major dependency risk hints in public metadata"},{"status":"pass","label":"Install availability","detail":"npx skills add aquasecurity/trivy-operator"},{"status":"pass","label":"Install command safety","detail":"standard package or runtime install path"},{"status":"pass","label":"Permission surface","detail":"filesystem or document access"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/aquasecurity/trivy-operator"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"info","label":"Agent Proven outcomes","detail":"No agent outcome data yet"},{"status":"pass","label":"Ownership","detail":"Listing manually verified"},{"status":"pass","label":"OpenAgentSkill usage","detail":"1 views, 0 install copies"},{"status":"info","label":"Agent outcomes","detail":"No agent outcome data yet"}],"strengths":["Manually verified listing","AI review approved","Install path is available","Repository evidence is available","Recently maintained repository","Meaningful GitHub adoption signal","Install command has no obvious high-risk pattern","Outcome loop is ready but needs first real agent run"],"warnings":["No real agent outcome reports yet","Human review required before unattended installation"],"evidence":{"stars":"1.9K GitHub stars","repoActivity":"1.9K stars, 274 forks","lastPushed":"17d since push","license":"Apache-2.0","repository":"https://github.com/aquasecurity/trivy-operator","install":"npx skills add aquasecurity/trivy-operator","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access","documentation":"Usable metadata, review docs","agentOutcomes":"No agent outcome data yet","agentProvenScore":0,"outcomeConfidence":"0%","installPolicy":"agent_install_candidate"},"installReadiness":{"ready":true,"command":"npx skills add aquasecurity/trivy-operator","policy":"agent_install_candidate","label":"Agent install candidate","notes":["Install path is available","Repository evidence is available","License is declared","No Agent Proven outcome evidence yet","17d since push","Trust Score v5 requires review or sandbox-only use before install."]},"agentCompatibility":["Go","Kubernetes","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"low","label":"Low metadata risk","notes":["No major trust warnings detected from available metadata"]},"outcomeEvidence":{"total":0,"successes":0,"failures":0,"notRelevant":0,"successRate":null,"installAttempts":0,"riskBlocked":0,"setupRequired":0,"installSuccessRate":null,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"recentSuccessRate":null,"recentFailureRate":null,"uniqueAgents":0,"agentProvenScore":0,"agentProvenLabel":"Needs first agent run","lastOutcomeAt":null,"label":"No agent outcome data yet"},"autoInstall":{"allowed":false,"sandboxRequired":true,"policy":"agent_install_candidate","reason":"Ask for approval or run a sandbox-only trial before installing."},"outcome_loop":{"version":"openagentskill-agent-outcome-v3","required_after_install":true,"endpoint":"/api/agent/outcome","method":"POST","event_id_source":"feedback.event_id, install_receipt.resolve_event_id, or decision_packet.outcome_feedback.event_id","expected_outcomes":["success","failed","not_relevant","blocked_by_risk","setup_required"],"required_fields":["event_id","skill_slug","task"],"quality_fields":["task_success","output_quality","error_type","human_review_required","used_in_production","workspace","evidence_url","time_to_useful_ms"],"ranking_inputs_updated":["Trust Score v5 outcome confidence","Agent Proven Score","Resolve ranking task-fit evidence","Skill detail machine-readable metadata","Outcome leaderboard"]},"agent_contract":{"suited_tasks":["devops","kubernetes","cloud-native","golang","misconfiguration","octoberfest"],"suited_agents":["Go","Kubernetes","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"install_command":"npx skills add aquasecurity/trivy-operator","trust_score":86,"trust_version":"trust-score-v5","risk_level":"low","do_not_use_when":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"before_install":["Read the audit page and machine-readable metadata.","Confirm the install command, license, and permission surface fit the workspace.","Get explicit human approval or choose an alternative before installing."],"after_run":["Report the outcome to /api/agent/outcome using the resolve event id.","Include output_quality, workspace, human_review_required, and evidence_url when available.","Re-resolve before broad production rollout."]},"bestFor":["devops","kubernetes","cloud-native","golang","misconfiguration","octoberfest"],"doNotUseFor":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"knownRisks":[],"backward_compatible":{"trust_score_v4":{"version":"trust-score-v4","score":89,"tier":"production","label":"Production candidate","summary":"Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability."}}},"trust_score_v5":{"version":"trust-score-v5","score":86,"base_score":89,"outcome_confidence":0,"tier":"strong","label":"Review then install","summary":"Good shortlist signal, but the agent should review audit notes, install policy, and outcome evidence before running it.","recommendedAction":"Use as the primary candidate after human or sandbox review.","decision":{"install_policy":"agent_install_candidate","auto_install_allowed":false,"human_review_required":true,"sandbox_first":true,"agent_action":"Ask for approval or run a sandbox-only trial before installing.","reasoning":["86/100 Trust Score v5","89/100 Trust Score v4 baseline","Needs more real agent outcomes before unattended install","Install path is available","Low metadata risk"],"review_required_when":["The workspace contains production secrets, payments, private customer data, or irreversible actions.","The install command requests shell, network, credential, database, or broad filesystem access.","Outcome evidence is missing, recently failed, or required human review.","Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"]},"dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":86,"weight":0.13,"status":"pass","detail":"1.9K GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":83,"weight":0.08,"status":"pass","detail":"1.9K stars, 274 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":100,"weight":0.14,"status":"pass","detail":"17d since push"},{"id":"license","label":"License clarity","score":86,"weight":0.09,"status":"pass","detail":"Apache-2.0"},{"id":"documentation","label":"README/SKILL.md completeness","score":74,"weight":0.14,"status":"info","detail":"Public metadata needs stronger README/SKILL.md context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":90,"weight":0.12,"status":"pass","detail":"no major dependency risk hints in public metadata"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add aquasecurity/trivy-operator"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":86,"weight":0.07,"status":"pass","detail":"filesystem or document access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/aquasecurity/trivy-operator"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"},{"id":"agent_outcomes","label":"Agent Proven outcomes","score":54,"weight":0.13,"status":"info","detail":"No agent outcome data yet"}],"checks":[{"status":"pass","label":"GitHub adoption","detail":"1.9K GitHub stars"},{"status":"pass","label":"Stars/forks activity","detail":"1.9K stars, 274 forks; issue activity unavailable in current metadata"},{"status":"pass","label":"Recent maintenance","detail":"17d since push"},{"status":"pass","label":"License clarity","detail":"Apache-2.0"},{"status":"info","label":"README/SKILL.md completeness","detail":"Public metadata needs stronger README/SKILL.md context"},{"status":"pass","label":"Dependency/runtime risk","detail":"no major dependency risk hints in public metadata"},{"status":"pass","label":"Install availability","detail":"npx skills add aquasecurity/trivy-operator"},{"status":"pass","label":"Install command safety","detail":"standard package or runtime install path"},{"status":"pass","label":"Permission surface","detail":"filesystem or document access"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/aquasecurity/trivy-operator"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"info","label":"Agent Proven outcomes","detail":"No agent outcome data yet"},{"status":"pass","label":"Ownership","detail":"Listing manually verified"},{"status":"pass","label":"OpenAgentSkill usage","detail":"1 views, 0 install copies"},{"status":"info","label":"Agent outcomes","detail":"No agent outcome data yet"}],"strengths":["Manually verified listing","AI review approved","Install path is available","Repository evidence is available","Recently maintained repository","Meaningful GitHub adoption signal","Install command has no obvious high-risk pattern","Outcome loop is ready but needs first real agent run"],"warnings":["No real agent outcome reports yet","Human review required before unattended installation"],"evidence":{"stars":"1.9K GitHub stars","repoActivity":"1.9K stars, 274 forks","lastPushed":"17d since push","license":"Apache-2.0","repository":"https://github.com/aquasecurity/trivy-operator","install":"npx skills add aquasecurity/trivy-operator","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access","documentation":"Usable metadata, review docs","agentOutcomes":"No agent outcome data yet","agentProvenScore":0,"outcomeConfidence":"0%","installPolicy":"agent_install_candidate"},"installReadiness":{"ready":true,"command":"npx skills add aquasecurity/trivy-operator","policy":"agent_install_candidate","label":"Agent install candidate","notes":["Install path is available","Repository evidence is available","License is declared","No Agent Proven outcome evidence yet","17d since push","Trust Score v5 requires review or sandbox-only use before install."]},"agentCompatibility":["Go","Kubernetes","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"low","label":"Low metadata risk","notes":["No major trust warnings detected from available metadata"]},"outcomeEvidence":{"total":0,"successes":0,"failures":0,"notRelevant":0,"successRate":null,"installAttempts":0,"riskBlocked":0,"setupRequired":0,"installSuccessRate":null,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"recentSuccessRate":null,"recentFailureRate":null,"uniqueAgents":0,"agentProvenScore":0,"agentProvenLabel":"Needs first agent run","lastOutcomeAt":null,"label":"No agent outcome data yet"},"autoInstall":{"allowed":false,"sandboxRequired":true,"policy":"agent_install_candidate","reason":"Ask for approval or run a sandbox-only trial before installing."},"outcome_loop":{"version":"openagentskill-agent-outcome-v3","required_after_install":true,"endpoint":"/api/agent/outcome","method":"POST","event_id_source":"feedback.event_id, install_receipt.resolve_event_id, or decision_packet.outcome_feedback.event_id","expected_outcomes":["success","failed","not_relevant","blocked_by_risk","setup_required"],"required_fields":["event_id","skill_slug","task"],"quality_fields":["task_success","output_quality","error_type","human_review_required","used_in_production","workspace","evidence_url","time_to_useful_ms"],"ranking_inputs_updated":["Trust Score v5 outcome confidence","Agent Proven Score","Resolve ranking task-fit evidence","Skill detail machine-readable metadata","Outcome leaderboard"]},"agent_contract":{"suited_tasks":["devops","kubernetes","cloud-native","golang","misconfiguration","octoberfest"],"suited_agents":["Go","Kubernetes","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"install_command":"npx skills add aquasecurity/trivy-operator","trust_score":86,"trust_version":"trust-score-v5","risk_level":"low","do_not_use_when":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"before_install":["Read the audit page and machine-readable metadata.","Confirm the install command, license, and permission surface fit the workspace.","Get explicit human approval or choose an alternative before installing."],"after_run":["Report the outcome to /api/agent/outcome using the resolve event id.","Include output_quality, workspace, human_review_required, and evidence_url when available.","Re-resolve before broad production rollout."]},"bestFor":["devops","kubernetes","cloud-native","golang","misconfiguration","octoberfest"],"doNotUseFor":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"knownRisks":[],"backward_compatible":{"trust_score_v4":{"version":"trust-score-v4","score":89,"tier":"production","label":"Production candidate","summary":"Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability."}}},"trust_score_v4":{"version":"trust-score-v4","score":89,"tier":"production","label":"Production candidate","summary":"Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability.","recommendedAction":"Shortlist for production use, then run a normal repository and dependency review.","dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":86,"weight":0.13,"status":"pass","detail":"1.9K GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":83,"weight":0.08,"status":"pass","detail":"1.9K stars, 274 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":100,"weight":0.14,"status":"pass","detail":"17d since push"},{"id":"license","label":"License clarity","score":86,"weight":0.09,"status":"pass","detail":"Apache-2.0"},{"id":"documentation","label":"README/SKILL.md completeness","score":74,"weight":0.14,"status":"info","detail":"Public metadata needs stronger README/SKILL.md context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":90,"weight":0.12,"status":"pass","detail":"no major dependency risk hints in public metadata"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add aquasecurity/trivy-operator"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":86,"weight":0.07,"status":"pass","detail":"filesystem or document access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/aquasecurity/trivy-operator"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"},{"id":"agent_outcomes","label":"Agent Proven outcomes","score":54,"weight":0.13,"status":"info","detail":"No agent outcome data yet"}],"checks":[{"status":"pass","label":"GitHub adoption","detail":"1.9K GitHub stars"},{"status":"pass","label":"Stars/forks activity","detail":"1.9K stars, 274 forks; issue activity unavailable in current metadata"},{"status":"pass","label":"Recent maintenance","detail":"17d since push"},{"status":"pass","label":"License clarity","detail":"Apache-2.0"},{"status":"info","label":"README/SKILL.md completeness","detail":"Public metadata needs stronger README/SKILL.md context"},{"status":"pass","label":"Dependency/runtime risk","detail":"no major dependency risk hints in public metadata"},{"status":"pass","label":"Install availability","detail":"npx skills add aquasecurity/trivy-operator"},{"status":"pass","label":"Install command safety","detail":"standard package or runtime install path"},{"status":"pass","label":"Permission surface","detail":"filesystem or document access"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/aquasecurity/trivy-operator"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"info","label":"Agent Proven outcomes","detail":"No agent outcome data yet"},{"status":"pass","label":"Ownership","detail":"Listing manually verified"},{"status":"pass","label":"OpenAgentSkill usage","detail":"1 views, 0 install copies"},{"status":"info","label":"Agent outcomes","detail":"No agent outcome data yet"}],"strengths":["Manually verified listing","AI review approved","Install path is available","Repository evidence is available","Recently maintained repository","Meaningful GitHub adoption signal","Install command has no obvious high-risk pattern"],"warnings":[],"evidence":{"stars":"1.9K GitHub stars","repoActivity":"1.9K stars, 274 forks","lastPushed":"17d since push","license":"Apache-2.0","repository":"https://github.com/aquasecurity/trivy-operator","install":"npx skills add aquasecurity/trivy-operator","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access","documentation":"Usable metadata, review docs","agentOutcomes":"No agent outcome data yet"},"installReadiness":{"ready":true,"command":"npx skills add aquasecurity/trivy-operator","policy":"agent_install_candidate","label":"Agent install candidate","notes":["Install path is available","Repository evidence is available","License is declared","No Agent Proven outcome evidence yet","17d since push"]},"agentCompatibility":["Go","Kubernetes","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"low","label":"Low metadata risk","notes":["No major trust warnings detected from available metadata"]},"outcomeEvidence":{"total":0,"successes":0,"failures":0,"notRelevant":0,"successRate":null,"installAttempts":0,"riskBlocked":0,"setupRequired":0,"installSuccessRate":null,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"recentSuccessRate":null,"recentFailureRate":null,"uniqueAgents":0,"agentProvenScore":0,"agentProvenLabel":"Needs first agent run","lastOutcomeAt":null,"label":"No agent outcome data yet"},"autoInstall":{"allowed":true,"sandboxRequired":true,"policy":"agent_install_candidate","reason":"Trust Score v4 allows sandbox-first agent installation after normal workspace review."},"bestFor":["devops","kubernetes","cloud-native","golang","misconfiguration","octoberfest"],"doNotUseFor":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"knownRisks":[]},"agent_proven":{"version":"agent-proven-v1","score":0,"tier":"unproven","label":"Needs first agent run","summary":"No agent outcome reports yet. Use Resolve, run one narrow sandbox task, then report the result.","metrics":{"totalOutcomes":0,"successfulOutcomes":0,"failedOutcomes":0,"installAttempts":0,"installSuccessRate":null,"successRate":null,"recentSuccessRate":null,"recentFailureRate":null,"riskBlocked":0,"setupRequired":0,"notRelevant":0,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"uniqueAgents":0,"lastOutcomeAt":null},"signals":[],"penalties":["No real agent outcome evidence yet"]},"outcome_stats":null,"safety":{"score":86,"level":"safe_to_install","label":"Safe to install with normal review","safety_tier":{"tier":"verified","label":"Verified","badge":"VERIFIED","summary":"Strong metadata, audit, install, and review signals. Suitable for agent shortlists after normal workspace review.","recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","auto_install_policy":"allow","reasons":["Verified listing","Safe-to-try audit","86/100 agent safety score"]},"auto_install_allowed":true,"human_review_required":false,"blocked":false,"audit_risk":"safe_to_try","permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"}],"policy_warnings":[],"constraints_applied":{"max_risk":"medium","needs_install_command":true,"min_stars":0}},"safety_gate":{"tier":"verified","label":"Verified","badge":"VERIFIED","auto_install_policy":"allow","auto_install_allowed":true,"blocked":false,"human_review_required":false,"recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","reasons":["Verified listing","Safe-to-try audit","86/100 agent safety score"]},"eval":{"version":"openagentskill-skill-eval-v1","status":"passed","score":92,"risk_level":"low","decision":{"recommendation":"shortlist","reason":"All required eval gates passed for an agent shortlist.","auto_install_allowed":true,"policy":"allow","human_review_required":false},"blockers":[],"warnings":["README/SKILL.md completeness: Public metadata needs stronger README/SKILL.md context"],"validation_plan":["Inspect repository, README/SKILL.md, license, and recent commits before production use.","Install in an isolated workspace or sandbox with no production secrets available.","Run the smallest representative task and record files touched, commands run, network access, and outputs.","Compare the selected skill against at least one alternative when the eval status is review or failed.","Promote only after the agent reports a successful verification result and unresolved warnings are accepted."],"checks":[{"id":"task_fit","label":"Task fit","status":"pass","score":94,"required_for_auto_install":true,"detail":"Task wording matches this skill metadata.","evidence":["Evaluate Trivy Operator before installing it in an agent workflow","devops","Coding agents workflows; Claude Code teams; teams that value GitHub adoption signals"]},{"id":"install_path","label":"Install path","status":"pass","score":92,"required_for_auto_install":true,"detail":"Install handoff is available.","evidence":["npx skills add aquasecurity/trivy-operator"]},{"id":"install_safety","label":"Install command safety","status":"pass","score":92,"required_for_auto_install":true,"detail":"standard package or runtime install path","evidence":["npx skills add aquasecurity/trivy-operator"]},{"id":"trust_score","label":"Trust score","status":"pass","score":89,"required_for_auto_install":true,"detail":"Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability.","evidence":["Production candidate","1.9K GitHub stars","Apache-2.0"]},{"id":"audit_score","label":"Audit score","status":"pass","score":94,"required_for_auto_install":true,"detail":"Safe to try","evidence":["No major audit warning from metadata."]},{"id":"agent_safety_gate","label":"Agent safety gate","status":"pass","score":86,"required_for_auto_install":true,"detail":"Strong metadata, audit, install, and review signals. Suitable for agent shortlists after normal workspace review.","evidence":["Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","Verified listing"]},{"id":"readme_skillmd_completeness","label":"README/SKILL.md completeness","status":"warn","score":74,"required_for_auto_install":false,"detail":"Public metadata needs stronger README/SKILL.md context","evidence":["Usable metadata, review docs"]},{"id":"license_clarity","label":"License clarity","status":"pass","score":86,"required_for_auto_install":true,"detail":"Apache-2.0","evidence":["Apache-2.0"]},{"id":"recent_maintenance","label":"Recent maintenance","status":"pass","score":100,"required_for_auto_install":false,"detail":"17d since push","evidence":["17d since push"]},{"id":"permission_surface","label":"Permission surface","status":"pass","score":86,"required_for_auto_install":true,"detail":"filesystem or document access","evidence":["Network access: medium","Filesystem access: medium"]},{"id":"alternatives","label":"Alternatives available","status":"info","score":55,"required_for_auto_install":false,"detail":"No close alternatives were found in the current shortlist.","evidence":[]}],"endpoints":{"web":"https://www.openagentskill.com/skills/aquasecurity-trivy-operator/evals","api":"/api/agent/evals?slug=aquasecurity-trivy-operator","text":"/api/agent/evals?slug=aquasecurity-trivy-operator&format=text"}},"agent_readable_metadata":{"version":"openagentskill-agent-metadata-v2","skill":{"slug":"aquasecurity-trivy-operator","name":"Trivy Operator","description":"Kubernetes-native security toolkit","category":"devops","url":"https://www.openagentskill.com/skills/aquasecurity-trivy-operator","repository":"https://github.com/aquasecurity/trivy-operator","github_repo":"aquasecurity/trivy-operator"},"suited_tasks":["Coding agents workflows","Claude Code teams","teams that value GitHub adoption signals","Inspect source files","Explain architecture","Patch bugs and verify changes","Chunk documents","Create embeddings"],"suited_agents":["Go","Kubernetes","Codex","Claude Code","Cursor","OpenAgentSkill CLI","CLI"],"install":{"command":"npx skills add aquasecurity/trivy-operator","ready":true,"targets":[{"id":"openagentskill-cli","label":"CLI","kind":"command","value":"npx skills add aquasecurity/trivy-operator"},{"id":"codex","label":"Codex","kind":"agent-prompt","value":"Install the \"Trivy Operator\" agent skill from https://github.com/aquasecurity/trivy-operator. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Kubernetes-native security toolkit"},{"id":"claude-code","label":"Claude Code","kind":"agent-prompt","value":"Add \"Trivy Operator\" as a Claude Code skill from https://github.com/aquasecurity/trivy-operator. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Kubernetes-native security toolkit"},{"id":"cursor","label":"Cursor","kind":"agent-prompt","value":"Turn \"Trivy Operator\" from https://github.com/aquasecurity/trivy-operator into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Kubernetes-native security toolkit"}],"handoff_url":"https://www.openagentskill.com/api/skills/aquasecurity-trivy-operator/install","manifest_url":"https://www.openagentskill.com/api/registry/manifest/aquasecurity-trivy-operator"},"trust":{"score":89,"label":"Production candidate","version":"trust-score-v4","install_policy":"agent_install_candidate","evidence":{"stars":"1.9K GitHub stars","repoActivity":"1.9K stars, 274 forks","lastPushed":"17d since push","license":"Apache-2.0","repository":"https://github.com/aquasecurity/trivy-operator","install":"npx skills add aquasecurity/trivy-operator","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access","documentation":"Usable metadata, review docs","agentOutcomes":"No agent outcome data yet"},"outcome_evidence":{"total":0,"successes":0,"failures":0,"not_relevant":0,"success_rate":null,"recent_success_rate":null,"recent_failure_rate":null,"install_attempts":0,"install_success_rate":null,"risk_blocked":0,"setup_required":0,"avg_output_quality":null,"production_outcomes":0,"last_outcome_at":null,"label":"No agent outcome data yet"},"auto_install":{"allowed":true,"sandbox_required":true,"reason":"Trust Score v4 allows sandbox-first agent installation after normal workspace review."},"best_for":["devops","kubernetes","cloud-native","golang","misconfiguration","octoberfest"],"known_risks":[]},"agent_proven":{"version":"agent-proven-v1","score":0,"tier":"unproven","label":"Needs first agent run","summary":"No agent outcome reports yet. Use Resolve, run one narrow sandbox task, then report the result.","metrics":{"totalOutcomes":0,"successfulOutcomes":0,"failedOutcomes":0,"installAttempts":0,"installSuccessRate":null,"successRate":null,"recentSuccessRate":null,"recentFailureRate":null,"riskBlocked":0,"setupRequired":0,"notRelevant":0,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"uniqueAgents":0,"lastOutcomeAt":null},"signals":[],"penalties":["No real agent outcome evidence yet"]},"audit":{"score":94,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":[]},"safety_gate":{"tier":"verified","label":"Verified","auto_install_policy":"allow","auto_install_allowed":true,"human_review_required":false,"blocked":false,"recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task."},"quality":{"score":100,"label":"Excellent"},"supply":{"track":"Coding and developer agents","scenario":"Coding agents","maintenance":"17d since push","risk":"Safe to try"},"alternative_skills":[],"do_not_use_when":["teams that need a vendor-supported SLA","high-compliance environments without internal security review","No major risk signals from current metadata","No major trust warnings detected from available metadata","Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"agent_contract":{"task_input":"Use Trivy Operator in an agent workflow","recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","install_policy":"allow","minimum_review_before_use":["Trust: 89/100 Production candidate","Audit: 94/100 Safe to try","Safety: 86/100 Safe to install with normal review","Review repository, license, install command, and permission surface before production use."],"expected_agent_output":{"selected_skill":"aquasecurity-trivy-operator (Trivy Operator)","install_command":"npx skills add aquasecurity/trivy-operator","risk_summary":"Safe to try; Verified; Low metadata risk","verification_result":"Report the smallest successful task, files touched, warnings, and any missing setup."}},"outcome_feedback":{"endpoint":"https://www.openagentskill.com/api/agent/outcome","method":"POST","requires_resolve_event_id":true,"event_id_source":"Use install_receipt.outcome_feedback.event_id or feedback.event_id returned by /api/agent/resolve for the current task.","expected_outcomes":["success","failed","not_relevant","blocked_by_risk","setup_required"],"payload_template":{"event_id":"<install_receipt.outcome_feedback.event_id or feedback.event_id from /api/agent/resolve>","skill_slug":"aquasecurity-trivy-operator","task":"Use Trivy Operator in an agent workflow","agent":"codex","outcome":"success","install_used":true,"risk_blocked":false,"setup_required":false,"task_success":true,"output_quality":4,"error_type":null,"human_review_required":false,"workspace":"sandbox","time_to_useful_ms":120000,"notes":"Report the smallest successful task, setup friction, files touched, and risk notes."}},"endpoints":{"web":"https://www.openagentskill.com/skills/aquasecurity-trivy-operator","api":"https://www.openagentskill.com/api/agent/skills/aquasecurity-trivy-operator","audit":"https://www.openagentskill.com/skills/aquasecurity-trivy-operator/audit","eval":"https://www.openagentskill.com/api/agent/evals?slug=aquasecurity-trivy-operator&task=Use%20Trivy%20Operator%20in%20an%20agent%20workflow&max_risk=medium","resolve":"https://www.openagentskill.com/api/agent/resolve?task=Use%20Trivy%20Operator%20in%20an%20agent%20workflow&agent=codex&max_risk=medium","receipt":"https://www.openagentskill.com/api/agent/receipt?task=Use%20Trivy%20Operator%20in%20an%20agent%20workflow&agent=codex&max_risk=medium&format=text","install":"https://www.openagentskill.com/api/skills/aquasecurity-trivy-operator/install","manifest":"https://www.openagentskill.com/api/registry/manifest/aquasecurity-trivy-operator"}},"machine_metadata":{"version":"openagentskill-agent-metadata-v2","skill":{"slug":"aquasecurity-trivy-operator","name":"Trivy Operator","description":"Kubernetes-native security toolkit","category":"devops","url":"https://www.openagentskill.com/skills/aquasecurity-trivy-operator","repository":"https://github.com/aquasecurity/trivy-operator","github_repo":"aquasecurity/trivy-operator"},"suited_tasks":["Coding agents workflows","Claude Code teams","teams that value GitHub adoption signals","Inspect source files","Explain architecture","Patch bugs and verify changes","Chunk documents","Create embeddings"],"suited_agents":["Go","Kubernetes","Codex","Claude Code","Cursor","OpenAgentSkill CLI","CLI"],"install":{"command":"npx skills add aquasecurity/trivy-operator","ready":true,"targets":[{"id":"openagentskill-cli","label":"CLI","kind":"command","value":"npx skills add aquasecurity/trivy-operator"},{"id":"codex","label":"Codex","kind":"agent-prompt","value":"Install the \"Trivy Operator\" agent skill from https://github.com/aquasecurity/trivy-operator. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Kubernetes-native security toolkit"},{"id":"claude-code","label":"Claude Code","kind":"agent-prompt","value":"Add \"Trivy Operator\" as a Claude Code skill from https://github.com/aquasecurity/trivy-operator. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Kubernetes-native security toolkit"},{"id":"cursor","label":"Cursor","kind":"agent-prompt","value":"Turn \"Trivy Operator\" from https://github.com/aquasecurity/trivy-operator into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Kubernetes-native security toolkit"}],"handoff_url":"https://www.openagentskill.com/api/skills/aquasecurity-trivy-operator/install","manifest_url":"https://www.openagentskill.com/api/registry/manifest/aquasecurity-trivy-operator"},"trust":{"score":89,"label":"Production candidate","version":"trust-score-v4","install_policy":"agent_install_candidate","evidence":{"stars":"1.9K GitHub stars","repoActivity":"1.9K stars, 274 forks","lastPushed":"17d since push","license":"Apache-2.0","repository":"https://github.com/aquasecurity/trivy-operator","install":"npx skills add aquasecurity/trivy-operator","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access","documentation":"Usable metadata, review docs","agentOutcomes":"No agent outcome data yet"},"outcome_evidence":{"total":0,"successes":0,"failures":0,"not_relevant":0,"success_rate":null,"recent_success_rate":null,"recent_failure_rate":null,"install_attempts":0,"install_success_rate":null,"risk_blocked":0,"setup_required":0,"avg_output_quality":null,"production_outcomes":0,"last_outcome_at":null,"label":"No agent outcome data yet"},"auto_install":{"allowed":true,"sandbox_required":true,"reason":"Trust Score v4 allows sandbox-first agent installation after normal workspace review."},"best_for":["devops","kubernetes","cloud-native","golang","misconfiguration","octoberfest"],"known_risks":[]},"agent_proven":{"version":"agent-proven-v1","score":0,"tier":"unproven","label":"Needs first agent run","summary":"No agent outcome reports yet. Use Resolve, run one narrow sandbox task, then report the result.","metrics":{"totalOutcomes":0,"successfulOutcomes":0,"failedOutcomes":0,"installAttempts":0,"installSuccessRate":null,"successRate":null,"recentSuccessRate":null,"recentFailureRate":null,"riskBlocked":0,"setupRequired":0,"notRelevant":0,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"uniqueAgents":0,"lastOutcomeAt":null},"signals":[],"penalties":["No real agent outcome evidence yet"]},"audit":{"score":94,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":[]},"safety_gate":{"tier":"verified","label":"Verified","auto_install_policy":"allow","auto_install_allowed":true,"human_review_required":false,"blocked":false,"recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task."},"quality":{"score":100,"label":"Excellent"},"supply":{"track":"Coding and developer agents","scenario":"Coding agents","maintenance":"17d since push","risk":"Safe to try"},"alternative_skills":[],"do_not_use_when":["teams that need a vendor-supported SLA","high-compliance environments without internal security review","No major risk signals from current metadata","No major trust warnings detected from available metadata","Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"agent_contract":{"task_input":"Use Trivy Operator in an agent workflow","recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","install_policy":"allow","minimum_review_before_use":["Trust: 89/100 Production candidate","Audit: 94/100 Safe to try","Safety: 86/100 Safe to install with normal review","Review repository, license, install command, and permission surface before production use."],"expected_agent_output":{"selected_skill":"aquasecurity-trivy-operator (Trivy Operator)","install_command":"npx skills add aquasecurity/trivy-operator","risk_summary":"Safe to try; Verified; Low metadata risk","verification_result":"Report the smallest successful task, files touched, warnings, and any missing setup."}},"outcome_feedback":{"endpoint":"https://www.openagentskill.com/api/agent/outcome","method":"POST","requires_resolve_event_id":true,"event_id_source":"Use install_receipt.outcome_feedback.event_id or feedback.event_id returned by /api/agent/resolve for the current task.","expected_outcomes":["success","failed","not_relevant","blocked_by_risk","setup_required"],"payload_template":{"event_id":"<install_receipt.outcome_feedback.event_id or feedback.event_id from /api/agent/resolve>","skill_slug":"aquasecurity-trivy-operator","task":"Use Trivy Operator in an agent workflow","agent":"codex","outcome":"success","install_used":true,"risk_blocked":false,"setup_required":false,"task_success":true,"output_quality":4,"error_type":null,"human_review_required":false,"workspace":"sandbox","time_to_useful_ms":120000,"notes":"Report the smallest successful task, setup friction, files touched, and risk notes."}},"endpoints":{"web":"https://www.openagentskill.com/skills/aquasecurity-trivy-operator","api":"https://www.openagentskill.com/api/agent/skills/aquasecurity-trivy-operator","audit":"https://www.openagentskill.com/skills/aquasecurity-trivy-operator/audit","eval":"https://www.openagentskill.com/api/agent/evals?slug=aquasecurity-trivy-operator&task=Use%20Trivy%20Operator%20in%20an%20agent%20workflow&max_risk=medium","resolve":"https://www.openagentskill.com/api/agent/resolve?task=Use%20Trivy%20Operator%20in%20an%20agent%20workflow&agent=codex&max_risk=medium","receipt":"https://www.openagentskill.com/api/agent/receipt?task=Use%20Trivy%20Operator%20in%20an%20agent%20workflow&agent=codex&max_risk=medium&format=text","install":"https://www.openagentskill.com/api/skills/aquasecurity-trivy-operator/install","manifest":"https://www.openagentskill.com/api/registry/manifest/aquasecurity-trivy-operator"}},"supply_profile":{"track":{"slug":"coding","label":"Coding and developer agents","shortLabel":"Coding","description":"Code review, repo analysis, testing, CI, GitHub, DevOps, and developer workflow skills."},"scenario":{"label":"Coding agents","description":"I need a coding agent that can understand a repository, edit code, and review pull requests.","useCases":[{"slug":"coding-agents","title":"Coding agents"},{"slug":"rag-knowledge","title":"RAG and knowledge"},{"slug":"workflow-automation","title":"Workflow automation"}]},"applicableAgents":["Claude Code","CLI","Codex","Cursor","Go"],"install":{"ready":true,"command":"npx skills add aquasecurity/trivy-operator","primaryTarget":"CLI","targetCount":4},"githubQuality":{"stars":1889,"starsLabel":"1.9K","forks":274,"license":"Apache-2.0","qualityScore":100,"trustScore":89,"auditScore":94},"maintenance":{"status":"fresh","label":"17d since push","daysSincePush":17,"lastPushedAt":"2026-06-16T04:28:44+00:00"},"risk":{"level":"safe_to_try","label":"Safe to try","requiresReview":false,"notes":["No major risk signals from available metadata"]},"coverageTags":["Coding","Coding agents","devops","kubernetes","cloud-native","golang","misconfiguration","octoberfest"]},"audit":{"audit_score":94,"risk_level":"safe_to_try","risk_label":"Safe to try","quality_score":100,"trust_score":89,"maintenance_score":100,"security_score":88,"install_score":92,"warnings":[]},"quality_signals":{"model":"v1","star_score":22.94,"usage_score":0,"review_score":11.7,"metadata_score":15,"freshness_score":15},"platforms":["Go","Kubernetes","Claude Code"],"use_cases":[{"slug":"coding-agents","title":"Coding agents","url":"https://www.openagentskill.com/use-cases/coding-agents"},{"slug":"rag-knowledge","title":"RAG and knowledge","url":"https://www.openagentskill.com/use-cases/rag-knowledge"},{"slug":"workflow-automation","title":"Workflow automation","url":"https://www.openagentskill.com/use-cases/workflow-automation"},{"slug":"sports-analytics","title":"Sports analytics","url":"https://www.openagentskill.com/use-cases/sports-analytics"}],"stacks":[{"slug":"content-growth-agent","title":"Content growth agent","url":"https://www.openagentskill.com/collections/content-growth-agent"},{"slug":"coding-review-agent","title":"Coding review agent","url":"https://www.openagentskill.com/collections/coding-review-agent"},{"slug":"rag-knowledge-base","title":"RAG knowledge base","url":"https://www.openagentskill.com/collections/rag-knowledge-base"}],"install":"npx skills add aquasecurity/trivy-operator","install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add aquasecurity/trivy-operator","description":"Use the registry command when your workflow supports the OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"Trivy Operator\" agent skill from https://github.com/aquasecurity/trivy-operator. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Kubernetes-native security toolkit","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"Trivy Operator\" as a Claude Code skill from https://github.com/aquasecurity/trivy-operator. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Kubernetes-native security toolkit","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"Trivy Operator\" from https://github.com/aquasecurity/trivy-operator into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Kubernetes-native security toolkit","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"repository":"https://github.com/aquasecurity/trivy-operator","github_repo":"aquasecurity/trivy-operator","version":"1.0.0","license":"Apache-2.0","urls":{"web":"https://www.openagentskill.com/skills/aquasecurity-trivy-operator","repository":"https://github.com/aquasecurity/trivy-operator","api":"/api/agent/skills/aquasecurity-trivy-operator","install_api":"/api/skills/aquasecurity-trivy-operator/install"},"meta":{"created_at":"2026-06-16T09:25:46.592435+00:00","updated_at":"2026-06-16T09:25:46.592435+00:00","agent_friendly":true}}