{"task":"Use Security Code Review in an agent workflow","recommendations":[{"rank":1,"skill":"Open Code Review","slug":"alibaba-open-code-review","description":"Open-source & free — Battle-tested at Alibaba's scale. Hybrid architecture code review tool: deterministic pipelines + LLM Agent, precise line-level comments, built-in fine-tuned ruleset (NPE, thread-safety, XSS, SQL injection), OpenAI & Anthropic compatible.","confidence":"0.94","match_score":94,"raw_match_score":281.3668398200597,"match_label":"Strong task match","safety_adjusted_score":303.3668398200597,"install":"npx skills add alibaba/open-code-review","repository":"https://github.com/alibaba/open-code-review","stats":{"stars":9875,"downloads":0,"rating":0,"quality_score":69.66},"quality":{"score":100,"tier":"excellent","label":"Excellent","summary":"High-confidence pick with strong adoption and healthy maintenance signals.","signals":[{"label":"GitHub stars","value":"9.9K","tone":"positive"},{"label":"Freshness","value":"Today","tone":"positive"},{"label":"Install ready","value":"Yes","tone":"positive"},{"label":"License","value":"Apache-2.0","tone":"neutral"}],"warnings":[]},"trust":{"version":"trust-score-v4","score":91,"tier":"production","label":"Production candidate","summary":"Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability.","recommendedAction":"Shortlist for production use, then run a normal repository and dependency review.","dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":94,"weight":0.13,"status":"pass","detail":"9.9K GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":88,"weight":0.08,"status":"pass","detail":"9.9K stars, 646 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":100,"weight":0.14,"status":"pass","detail":"Pushed 
today"},{"id":"license","label":"License clarity","score":86,"weight":0.09,"status":"pass","detail":"Apache-2.0"},{"id":"documentation","label":"README/SKILL.md completeness","score":90,"weight":0.14,"status":"pass","detail":"Metadata includes enough usage and workflow context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":82,"weight":0.12,"status":"pass","detail":"database surface"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add alibaba/open-code-review"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":74,"weight":0.07,"status":"info","detail":"filesystem or document access, database access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/alibaba/open-code-review"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"},{"id":"agent_outcomes","label":"Agent Proven outcomes","score":54,"weight":0.13,"status":"info","detail":"No agent outcome data yet"}],"checks":[{"status":"pass","label":"GitHub adoption","detail":"9.9K GitHub stars"},{"status":"pass","label":"Stars/forks activity","detail":"9.9K stars, 646 forks; issue activity unavailable in current metadata"},{"status":"pass","label":"Recent maintenance","detail":"Pushed today"},{"status":"pass","label":"License clarity","detail":"Apache-2.0"},{"status":"pass","label":"README/SKILL.md completeness","detail":"Metadata includes enough usage and workflow context"},{"status":"pass","label":"Dependency/runtime risk","detail":"database surface"},{"status":"pass","label":"Install availability","detail":"npx skills add alibaba/open-code-review"},{"status":"pass","label":"Install command safety","detail":"standard package or 
runtime install path"},{"status":"info","label":"Permission surface","detail":"filesystem or document access, database access"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/alibaba/open-code-review"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"info","label":"Agent Proven outcomes","detail":"No agent outcome data yet"},{"status":"pass","label":"Ownership","detail":"Listing manually verified"},{"status":"info","label":"OpenAgentSkill usage","detail":"No local usage activity yet"},{"status":"info","label":"Agent outcomes","detail":"No agent outcome data yet"}],"strengths":["Manually verified listing","AI review approved","Install path is available","Repository evidence is available","Recently maintained repository","Large GitHub adoption signal","Install command has no obvious high-risk pattern"],"warnings":[],"evidence":{"stars":"9.9K GitHub stars","repoActivity":"9.9K stars, 646 forks","lastPushed":"Pushed today","license":"Apache-2.0","repository":"https://github.com/alibaba/open-code-review","install":"npx skills add alibaba/open-code-review","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access, database access","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"},"installReadiness":{"ready":true,"command":"npx skills add alibaba/open-code-review","policy":"agent_install_candidate","label":"Agent install candidate","notes":["Install path is available","Repository evidence is available","License is declared","No Agent Proven outcome evidence yet","Pushed today"]},"agentCompatibility":["Go","Code Review","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"low","label":"Low metadata risk","notes":["No major trust warnings detected from available 
metadata"]},"outcomeEvidence":{"total":0,"successes":0,"failures":0,"notRelevant":0,"successRate":null,"installAttempts":0,"riskBlocked":0,"setupRequired":0,"installSuccessRate":null,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"recentSuccessRate":null,"recentFailureRate":null,"uniqueAgents":0,"agentProvenScore":0,"agentProvenLabel":"Needs first agent run","lastOutcomeAt":null,"label":"No agent outcome data yet"},"autoInstall":{"allowed":true,"sandboxRequired":true,"policy":"agent_install_candidate","reason":"Trust Score v4 allows sandbox-first agent installation after normal workspace review."},"bestFor":["development","code-review","developer-tools","agent","code-review-assistant","harness"],"doNotUseFor":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"knownRisks":[]},"safety":{"score":82,"level":"safe_to_install","label":"Safe to install with normal review","safety_tier":{"tier":"verified","label":"Verified","badge":"VERIFIED","summary":"Strong metadata, audit, install, and review signals. 
Suitable for agent shortlists after normal workspace review.","recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","auto_install_policy":"allow","reasons":["Verified listing","Safe-to-try audit","82/100 agent safety score"]},"auto_install_allowed":true,"human_review_required":false,"blocked":false,"audit_risk":"safe_to_try","permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"},{"id":"database","label":"Database access","reason":"Skill may inspect schemas, query databases, or work with persistent stores.","severity":"medium"}],"policy_warnings":[],"constraints_applied":{"max_risk":"medium","needs_install_command":true,"min_stars":0}},"safety_gate":{"tier":"verified","label":"Verified","badge":"VERIFIED","auto_install_policy":"allow","auto_install_allowed":true,"human_review_required":false,"blocked":false,"recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","reasons":["Verified listing","Safe-to-try audit","82/100 agent safety score"]},"supply_profile":{"track":{"slug":"coding","label":"Coding and developer agents","shortLabel":"Coding","description":"Code review, repo analysis, testing, CI, GitHub, DevOps, and developer workflow skills."},"scenario":{"label":"Coding agents","description":"I need a coding agent that can understand a repository, edit code, and review pull requests.","useCases":[{"slug":"coding-agents","title":"Coding agents"},{"slug":"github-automation","title":"GitHub automation"},{"slug":"browser-automation","title":"Browser automation"}]},"applicableAgents":["Claude Code","OpenAI 
Agents","CLI","Codex","Cursor"],"install":{"ready":true,"command":"npx skills add alibaba/open-code-review","primaryTarget":"CLI","targetCount":4},"githubQuality":{"stars":9875,"starsLabel":"9.9K","forks":646,"license":"Apache-2.0","qualityScore":100,"trustScore":91,"auditScore":94},"maintenance":{"status":"fresh","label":"Pushed today","daysSincePush":0,"lastPushedAt":"2026-07-03T12:32:26+00:00"},"risk":{"level":"safe_to_try","label":"Safe to try","requiresReview":false,"notes":["No major risk signals from available metadata"]},"coverageTags":["Coding","Coding agents","development","code-review","developer-tools","agent","code-review-assistant","harness"]},"audit":{"audit_score":94,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":[]},"install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add alibaba/open-code-review","description":"Use the registry command when your workflow supports the OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"Open Code Review\" agent skill from https://github.com/alibaba/open-code-review. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Open-source & free — Battle-tested at Alibaba's scale. Hybrid architecture code review tool: deterministic pipelines + LLM Agent, precise line-level comments, built-in fine-tuned ruleset (NPE, thread-safety, XSS, SQL injection), OpenAI & Anthropic compatible.","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"Open Code Review\" as a Claude Code skill from https://github.com/alibaba/open-code-review. 
Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Open-source & free — Battle-tested at Alibaba's scale. Hybrid architecture code review tool: deterministic pipelines + LLM Agent, precise line-level comments, built-in fine-tuned ruleset (NPE, thread-safety, XSS, SQL injection), OpenAI & Anthropic compatible.","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"Open Code Review\" from https://github.com/alibaba/open-code-review into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Open-source & free — Battle-tested at Alibaba's scale. Hybrid architecture code review tool: deterministic pipelines + LLM Agent, precise line-level comments, built-in fine-tuned ruleset (NPE, thread-safety, XSS, SQL injection), OpenAI & Anthropic compatible.","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"urls":{"web":"https://www.openagentskill.com/skills/alibaba-open-code-review","api":"https://www.openagentskill.com/api/agent/skills/alibaba-open-code-review","install_api":"https://www.openagentskill.com/api/skills/alibaba-open-code-review/install","audit":"https://www.openagentskill.com/skills/alibaba-open-code-review/audit","repository":"https://github.com/alibaba/open-code-review"},"decision":{"readiness_score":100,"readiness_label":"Production-ready","headline":"Primary pick for Coding agents","role":"Primary pick","adoption_stage":"Adopt","primary_fit":"Coding agents","best_for":["Coding agents workflows","Claude Code teams","teams that value GitHub adoption signals"],"risks":["No 
OpenAgentSkill engagement data yet"],"proof_points":["9,875 GitHub stars","recent repository activity","install command or GitHub repo available","100/100 quality profile"],"next_steps":["Install it in a sandbox agent and run one Coding agents task end to end.","Compare output quality, latency, and failure behavior against at least one alternative.","Promote it into production only after reviewing repository permissions, license, and maintenance signals."]},"use_cases":[{"slug":"coding-agents","title":"Coding agents","url":"https://www.openagentskill.com/use-cases/coding-agents"},{"slug":"github-automation","title":"GitHub automation","url":"https://www.openagentskill.com/use-cases/github-automation"}],"recommendation_reasons":["Matches task terms: use, security, code, review","Useful GitHub adoption: 9,875 stars","Install handoff is available","Repository freshness signal is available","Registry match score 94"],"reasoning":"Strong task match. Evidence: verified author, 70 quality score. Open-source & free — Battle-tested at Alibaba's scale. 
Hybrid architecture code review tool: deterministic pipelines + LLM Agent, precise line-level comments, built-in fine-tuned ruleset (NPE, thread-safety, XSS, SQL injection), OpenAI & Anthropic compatible."},{"rank":2,"skill":"Security Code Review","slug":"d3lb3-security-code-review","description":"My personal collection of resources (mostly tools and training materials) for source code security audits.","confidence":"0.99","match_score":99,"raw_match_score":295.95482365705624,"match_label":"Strong task match","safety_adjusted_score":285.95482365705624,"install":"npx skills add d3lb3/security-code-review","repository":"https://github.com/d3lb3/security-code-review","stats":{"stars":109,"downloads":0,"rating":0,"quality_score":32.99},"quality":{"score":42,"tier":"review","label":"Needs review","summary":"Inspect the repository carefully before adding it to an agent workflow.","signals":[{"label":"GitHub stars","value":"109","tone":"neutral"},{"label":"Freshness","value":"2y ago","tone":"warning"},{"label":"Install ready","value":"Yes","tone":"positive"},{"label":"License","value":"Unknown","tone":"neutral"}],"warnings":["Repository looks stale"]},"trust":{"version":"trust-score-v4","score":71,"tier":"review","label":"Manual review","summary":"Potentially useful, but at least one trust signal needs human inspection.","recommendedAction":"Inspect the repository, license, and recent activity before connecting it to agent workflows.","dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":62,"weight":0.13,"status":"info","detail":"109 GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":57,"weight":0.08,"status":"warn","detail":"109 stars, 15 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":38,"weight":0.14,"status":"fail","detail":"2y since push"},{"id":"license","label":"License 
clarity","score":42,"weight":0.09,"status":"warn","detail":"Unknown"},{"id":"documentation","label":"README/SKILL.md completeness","score":90,"weight":0.14,"status":"pass","detail":"Metadata includes enough usage and workflow context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":90,"weight":0.12,"status":"pass","detail":"no major dependency risk hints in public metadata"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add d3lb3/security-code-review"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":86,"weight":0.07,"status":"pass","detail":"filesystem or document access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/d3lb3/security-code-review"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"},{"id":"agent_outcomes","label":"Agent Proven outcomes","score":54,"weight":0.13,"status":"info","detail":"No agent outcome data yet"}],"checks":[{"status":"info","label":"GitHub adoption","detail":"109 GitHub stars"},{"status":"warn","label":"Stars/forks activity","detail":"109 stars, 15 forks; issue activity unavailable in current metadata"},{"status":"fail","label":"Recent maintenance","detail":"2y since push"},{"status":"warn","label":"License clarity","detail":"Unknown"},{"status":"pass","label":"README/SKILL.md completeness","detail":"Metadata includes enough usage and workflow context"},{"status":"pass","label":"Dependency/runtime risk","detail":"no major dependency risk hints in public metadata"},{"status":"pass","label":"Install availability","detail":"npx skills add d3lb3/security-code-review"},{"status":"pass","label":"Install command safety","detail":"standard package or 
runtime install path"},{"status":"pass","label":"Permission surface","detail":"filesystem or document access"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/d3lb3/security-code-review"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"info","label":"Agent Proven outcomes","detail":"No agent outcome data yet"},{"status":"warn","label":"Ownership","detail":"No approved owner claim yet"},{"status":"info","label":"OpenAgentSkill usage","detail":"No local usage activity yet"},{"status":"info","label":"Agent outcomes","detail":"No agent outcome data yet"}],"strengths":["AI review approved","Install path is available","Repository evidence is available","Install command has no obvious high-risk pattern"],"warnings":["License is unclear","Repository looks stale","Quality score needs review","Stars/forks activity: 109 stars, 15 forks; issue activity unavailable in current metadata","Recent maintenance: 2y since push","License clarity: Unknown"],"evidence":{"stars":"109 GitHub stars","repoActivity":"109 stars, 15 forks","lastPushed":"2y since push","license":"Unknown","repository":"https://github.com/d3lb3/security-code-review","install":"npx skills add d3lb3/security-code-review","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"},"installReadiness":{"ready":true,"command":"npx skills add d3lb3/security-code-review","policy":"human_review_before_install","label":"Human review before install","notes":["Install path is available","Repository evidence is available","License is unclear","No Agent Proven outcome evidence yet","2y since push"]},"agentCompatibility":["Modula-3","Code Review","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"medium","label":"Review before production","notes":["License is unclear","Repository looks 
stale","Quality score needs review","Stars/forks activity: 109 stars, 15 forks; issue activity unavailable in current metadata","Recent maintenance: 2y since push"]},"outcomeEvidence":{"total":0,"successes":0,"failures":0,"notRelevant":0,"successRate":null,"installAttempts":0,"riskBlocked":0,"setupRequired":0,"installSuccessRate":null,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"recentSuccessRate":null,"recentFailureRate":null,"uniqueAgents":0,"agentProvenScore":0,"agentProvenLabel":"Needs first agent run","lastOutcomeAt":null,"label":"No agent outcome data yet"},"autoInstall":{"allowed":false,"sandboxRequired":true,"policy":"human_review_before_install","reason":"Human review or sandbox validation is required before automatic installation."},"bestFor":["coding-agents","code-review","developer-tools","coding","checklists","owasp"],"doNotUseFor":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface","Automatic installation in a production workspace","Commercial reuse before clarifying license terms"],"knownRisks":["License is unclear","Repository looks stale","Quality score needs review","Stars/forks activity: 109 stars, 15 forks; issue activity unavailable in current metadata","Recent maintenance: 2y since push","License clarity: Unknown"]},"safety":{"score":46,"level":"avoid_auto_install","label":"Avoid automatic install","safety_tier":{"tier":"experimental","label":"Experimental","badge":"EXPERIMENTAL","summary":"Sparse or mixed signals. 
Useful for discovery, but not for autonomous installation.","recommended_action":"Test manually in an isolated workspace and compare against safer alternatives.","auto_install_policy":"review","reasons":["License is unclear","46/100 agent safety score"]},"auto_install_allowed":false,"human_review_required":true,"blocked":false,"audit_risk":"needs_review","permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"}],"policy_warnings":["License is unclear"],"constraints_applied":{"max_risk":"medium","needs_install_command":true,"min_stars":0}},"safety_gate":{"tier":"experimental","label":"Experimental","badge":"EXPERIMENTAL","auto_install_policy":"review","auto_install_allowed":false,"human_review_required":true,"blocked":false,"recommended_action":"Test manually in an isolated workspace and compare against safer alternatives.","reasons":["License is unclear","46/100 agent safety score"]},"supply_profile":{"track":{"slug":"coding","label":"Coding and developer agents","shortLabel":"Coding","description":"Code review, repo analysis, testing, CI, GitHub, DevOps, and developer workflow skills."},"scenario":{"label":"Coding agents","description":"I need a coding agent that can understand a repository, edit code, and review pull requests.","useCases":[{"slug":"coding-agents","title":"Coding agents"},{"slug":"github-automation","title":"GitHub automation"},{"slug":"rag-knowledge","title":"RAG and knowledge"}]},"applicableAgents":["Claude Code","CLI","Codex","Cursor","Modula-3"],"install":{"ready":true,"command":"npx skills add 
d3lb3/security-code-review","primaryTarget":"CLI","targetCount":4},"githubQuality":{"stars":109,"starsLabel":"109","forks":15,"license":"Unknown","qualityScore":42,"trustScore":71,"auditScore":62},"maintenance":{"status":"stale","label":"2y since push","daysSincePush":682,"lastPushedAt":"2024-08-20T04:05:26+00:00"},"risk":{"level":"needs_review","label":"Needs review","requiresReview":true,"notes":["License is unclear","Repository appears stale","Repository looks stale","Quality score needs review","Stars/forks activity: 109 stars, 15 forks; issue activity unavailable in current metadata"]},"coverageTags":["Coding","Coding agents","coding-agents","code-review","developer-tools","checklists","owasp","security"]},"audit":{"audit_score":62,"risk_level":"needs_review","risk_label":"Needs review","warnings":["License is unclear","Repository appears stale","Repository looks stale","Quality score needs review"]},"install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add d3lb3/security-code-review","description":"Use the registry command when your workflow supports the OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"Security Code Review\" agent skill from https://github.com/d3lb3/security-code-review. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. 
Skill purpose: My personal collection of resources (mostly tools and training materials) for source code security audits.","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"Security Code Review\" as a Claude Code skill from https://github.com/d3lb3/security-code-review. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: My personal collection of resources (mostly tools and training materials) for source code security audits.","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"Security Code Review\" from https://github.com/d3lb3/security-code-review into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. 
Skill purpose: My personal collection of resources (mostly tools and training materials) for source code security audits.","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"urls":{"web":"https://www.openagentskill.com/skills/d3lb3-security-code-review","api":"https://www.openagentskill.com/api/agent/skills/d3lb3-security-code-review","install_api":"https://www.openagentskill.com/api/skills/d3lb3-security-code-review/install","audit":"https://www.openagentskill.com/skills/d3lb3-security-code-review/audit","repository":"https://github.com/d3lb3/security-code-review"},"decision":{"readiness_score":32,"readiness_label":"Needs manual review","headline":"Needs validation for Coding agents","role":"Needs validation","adoption_stage":"Review","primary_fit":"Coding agents","best_for":["Coding agents workflows","Claude Code teams","builders willing to evaluate younger projects"],"risks":["Repository looks stale","No OpenAgentSkill engagement data yet"],"proof_points":["install command or GitHub repo available","42/100 quality profile"],"next_steps":["Install it in a sandbox agent and run one Coding agents task end to end.","Compare output quality, latency, and failure behavior against at least one alternative.","Promote it into production only after reviewing repository permissions, license, and maintenance signals."]},"use_cases":[{"slug":"coding-agents","title":"Coding agents","url":"https://www.openagentskill.com/use-cases/coding-agents"},{"slug":"github-automation","title":"GitHub automation","url":"https://www.openagentskill.com/use-cases/github-automation"}],"recommendation_reasons":["Matches task terms: use, security, code, review","Install handoff is available","Repository freshness signal is available","Registry match score 99"],"reasoning":"Strong task match. Evidence: 33 quality score. 
My personal collection of resources (mostly tools and training materials) for source code security audits."},{"rank":3,"skill":"Claude Code Workflows","slug":"shinpr-claude-code-workflows","description":"Production-ready development workflows for Claude Code, powered by specialized AI agents.","confidence":"0.87","match_score":87,"raw_match_score":261.1658025898907,"match_label":"Good task match","safety_adjusted_score":273.1658025898907,"install":"npx skills add shinpr/claude-code-workflows","repository":"https://github.com/shinpr/claude-code-workflows","stats":{"stars":486,"downloads":0,"rating":0,"quality_score":52.51},"quality":{"score":84,"tier":"strong","label":"Strong","summary":"Solid option that is likely worth shortlisting for production workflows.","signals":[{"label":"GitHub stars","value":"486","tone":"neutral"},{"label":"Freshness","value":"13d ago","tone":"positive"},{"label":"Install ready","value":"Yes","tone":"positive"},{"label":"License","value":"MIT","tone":"neutral"}],"warnings":[]},"trust":{"version":"trust-score-v4","score":82,"tier":"strong","label":"Strong shortlist","summary":"Good trust signals with a few areas worth checking before rollout.","recommendedAction":"Test in a sandbox workflow and compare its install path with close alternatives.","dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":62,"weight":0.13,"status":"info","detail":"486 GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":62,"weight":0.08,"status":"info","detail":"486 stars, 69 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":100,"weight":0.14,"status":"pass","detail":"13d since push"},{"id":"license","label":"License clarity","score":86,"weight":0.09,"status":"pass","detail":"MIT"},{"id":"documentation","label":"README/SKILL.md completeness","score":90,"weight":0.14,"status":"pass","detail":"Metadata includes enough usage and workflow 
context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":90,"weight":0.12,"status":"pass","detail":"no major dependency risk hints in public metadata"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add shinpr/claude-code-workflows"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":86,"weight":0.07,"status":"pass","detail":"filesystem or document access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/shinpr/claude-code-workflows"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"},{"id":"agent_outcomes","label":"Agent Proven outcomes","score":54,"weight":0.13,"status":"info","detail":"No agent outcome data yet"}],"checks":[{"status":"info","label":"GitHub adoption","detail":"486 GitHub stars"},{"status":"info","label":"Stars/forks activity","detail":"486 stars, 69 forks; issue activity unavailable in current metadata"},{"status":"pass","label":"Recent maintenance","detail":"13d since push"},{"status":"pass","label":"License clarity","detail":"MIT"},{"status":"pass","label":"README/SKILL.md completeness","detail":"Metadata includes enough usage and workflow context"},{"status":"pass","label":"Dependency/runtime risk","detail":"no major dependency risk hints in public metadata"},{"status":"pass","label":"Install availability","detail":"npx skills add shinpr/claude-code-workflows"},{"status":"pass","label":"Install command safety","detail":"standard package or runtime install path"},{"status":"pass","label":"Permission surface","detail":"filesystem or document access"},{"status":"pass","label":"Repository 
evidence","detail":"https://github.com/shinpr/claude-code-workflows"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"info","label":"Agent Proven outcomes","detail":"No agent outcome data yet"},{"status":"warn","label":"Ownership","detail":"No approved owner claim yet"},{"status":"info","label":"OpenAgentSkill usage","detail":"No local usage activity yet"},{"status":"info","label":"Agent outcomes","detail":"No agent outcome data yet"}],"strengths":["AI review approved","Install path is available","Repository evidence is available","Recently maintained repository","Install command has no obvious high-risk pattern"],"warnings":["Quality score needs review"],"evidence":{"stars":"486 GitHub stars","repoActivity":"486 stars, 69 forks","lastPushed":"13d since push","license":"MIT","repository":"https://github.com/shinpr/claude-code-workflows","install":"npx skills add shinpr/claude-code-workflows","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"},"installReadiness":{"ready":true,"command":"npx skills add shinpr/claude-code-workflows","policy":"human_review_before_install","label":"Human review before install","notes":["Install path is available","Repository evidence is available","License is declared","No Agent Proven outcome evidence yet","13d since push"]},"agentCompatibility":["JavaScript","Developer Tools","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"low","label":"Low metadata risk","notes":["Quality score needs 
review"]},"outcomeEvidence":{"total":0,"successes":0,"failures":0,"notRelevant":0,"successRate":null,"installAttempts":0,"riskBlocked":0,"setupRequired":0,"installSuccessRate":null,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"recentSuccessRate":null,"recentFailureRate":null,"uniqueAgents":0,"agentProvenScore":0,"agentProvenLabel":"Needs first agent run","lastOutcomeAt":null,"label":"No agent outcome data yet"},"autoInstall":{"allowed":false,"sandboxRequired":true,"policy":"human_review_before_install","reason":"Human review or sandbox validation is required before automatic installation."},"bestFor":["coding-agents","developer-tools","automation","coding","agent-skills","agentic-ai"],"doNotUseFor":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface","Automatic installation in a production workspace"],"knownRisks":["Quality score needs review"]},"safety":{"score":71,"level":"review_before_install","label":"Review before install","safety_tier":{"tier":"reviewed","label":"Reviewed","badge":"REVIEWED","summary":"Good audit and safety signals with no high-risk permission hints in public metadata.","recommended_action":"Review the audit page, then allow agent install in a sandboxed workflow.","auto_install_policy":"review","reasons":["Safe-to-try audit","71/100 agent safety score"]},"auto_install_allowed":false,"human_review_required":true,"blocked":false,"audit_risk":"safe_to_try","permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"}],"policy_warnings":["Quality score needs 
review"],"constraints_applied":{"max_risk":"medium","needs_install_command":true,"min_stars":0}},"safety_gate":{"tier":"reviewed","label":"Reviewed","badge":"REVIEWED","auto_install_policy":"review","auto_install_allowed":false,"human_review_required":true,"blocked":false,"recommended_action":"Review the audit page, then allow agent install in a sandboxed workflow.","reasons":["Safe-to-try audit","71/100 agent safety score"]},"supply_profile":{"track":{"slug":"coding","label":"Coding and developer agents","shortLabel":"Coding","description":"Code review, repo analysis, testing, CI, GitHub, DevOps, and developer workflow skills."},"scenario":{"label":"Coding agents","description":"I need a coding agent that can understand a repository, edit code, and review pull requests.","useCases":[{"slug":"coding-agents","title":"Coding agents"},{"slug":"github-automation","title":"GitHub automation"},{"slug":"rag-knowledge","title":"RAG and knowledge"}]},"applicableAgents":["Claude Code","CLI","Codex","Cursor","JavaScript"],"install":{"ready":true,"command":"npx skills add shinpr/claude-code-workflows","primaryTarget":"CLI","targetCount":4},"githubQuality":{"stars":486,"starsLabel":"486","forks":69,"license":"MIT","qualityScore":84,"trustScore":82,"auditScore":87},"maintenance":{"status":"fresh","label":"13d since push","daysSincePush":13,"lastPushedAt":"2026-06-20T04:56:29+00:00"},"risk":{"level":"safe_to_try","label":"Safe to try","requiresReview":true,"notes":["Quality score needs review"]},"coverageTags":["Coding","Coding agents","coding-agents","developer-tools","automation","agent-skills","agentic-ai","ai-agents"]},"audit":{"audit_score":87,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":["Quality score needs review"]},"install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add shinpr/claude-code-workflows","description":"Use the registry command when your workflow supports the 
OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"Claude Code Workflows\" agent skill from https://github.com/shinpr/claude-code-workflows. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Production-ready development workflows for Claude Code, powered by specialized AI agents.","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"Claude Code Workflows\" as a Claude Code skill from https://github.com/shinpr/claude-code-workflows. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Production-ready development workflows for Claude Code, powered by specialized AI agents.","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"Claude Code Workflows\" from https://github.com/shinpr/claude-code-workflows into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. 
Skill purpose: Production-ready development workflows for Claude Code, powered by specialized AI agents.","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"urls":{"web":"https://www.openagentskill.com/skills/shinpr-claude-code-workflows","api":"https://www.openagentskill.com/api/agent/skills/shinpr-claude-code-workflows","install_api":"https://www.openagentskill.com/api/skills/shinpr-claude-code-workflows/install","audit":"https://www.openagentskill.com/skills/shinpr-claude-code-workflows/audit","repository":"https://github.com/shinpr/claude-code-workflows"},"decision":{"readiness_score":83,"readiness_label":"Strong shortlist","headline":"Companion skill for Coding agents","role":"Companion skill","adoption_stage":"Shortlist","primary_fit":"Coding agents","best_for":["Coding agents workflows","Claude Code teams","builders willing to evaluate younger projects"],"risks":["No OpenAgentSkill engagement data yet"],"proof_points":["recent repository activity","install command or GitHub repo available","84/100 quality profile"],"next_steps":["Install it in a sandbox agent and run one Coding agents task end to end.","Compare output quality, latency, and failure behavior against at least one alternative.","Promote it into production only after reviewing repository permissions, license, and maintenance signals."]},"use_cases":[{"slug":"coding-agents","title":"Coding agents","url":"https://www.openagentskill.com/use-cases/coding-agents"},{"slug":"github-automation","title":"GitHub automation","url":"https://www.openagentskill.com/use-cases/github-automation"}],"recommendation_reasons":["Matches task terms: use, security, code, agent","Install handoff is available","Repository freshness signal is available","Registry match score 87"],"reasoning":"Good task match. Evidence: 53 quality score. 
Production-ready development workflows for Claude Code, powered by specialized AI agents."}],"blocked_candidates":[{"slug":"robatwilliams-decent-code","name":"Decent Code","match_score":67,"raw_match_score":201.03518410579417,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Audit risk exceeds the requested agent policy","Audit classified this skill as risky","Audit risk level 'risky' exceeds max_risk=medium"]},"url":"https://www.openagentskill.com/skills/robatwilliams-decent-code/audit"},{"slug":"code-review-checklists-go-concurrency","name":"Go Concurrency","match_score":61,"raw_match_score":182.02341479232084,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Audit risk exceeds the requested agent policy","Audit classified this skill as risky","Audit risk level 'risky' exceeds max_risk=medium"]},"url":"https://www.openagentskill.com/skills/code-review-checklists-go-concurrency/audit"},{"slug":"dicklesworthstone-coding-agent-account-manager","name":"Coding Agent Account Manager","match_score":59,"raw_match_score":177.40776906987244,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. 
Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Metadata combines secrets access with shell or command execution","High-risk permission hints: Shell or command execution, Secrets or environment access"]},"url":"https://www.openagentskill.com/skills/dicklesworthstone-coding-agent-account-manager/audit"},{"slug":"zuramai-refactoring","name":"Refactoring","match_score":55,"raw_match_score":165.69783333333334,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Audit risk exceeds the requested agent policy","Audit classified this skill as risky","Audit risk level 'risky' exceeds max_risk=medium"]},"url":"https://www.openagentskill.com/skills/zuramai-refactoring/audit"},{"slug":"pcx-wave-vibe-skill","name":"Vibe Skill","match_score":52,"raw_match_score":154.53624038195747,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. 
Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Metadata combines secrets access with shell or command execution","High-risk permission hints: Shell or command execution, Secrets or environment access"]},"url":"https://www.openagentskill.com/skills/pcx-wave-vibe-skill/audit"}],"suggested_composition":{"name":"alibaba-open-code-review-agent-stack","description":"Start with Open Code Review, then add Security Code Review + Claude Code Workflows only if the workflow needs extra coverage.","skills":["alibaba-open-code-review","d3lb3-security-code-review","shinpr-claude-code-workflows"],"steps":["Prototype the task with Open Code Review as the primary skill.","Add the second skill only if the first one leaves a capability gap.","Keep the third skill as a fallback during evaluation instead of installing everything at once."]},"suggested_stacks":[{"slug":"coding-review-agent","name":"Coding review agent stack","url":"https://www.openagentskill.com/collections/coding-review-agent","use_case":"coding-agents"},{"slug":"web-data-pipeline","name":"Web data pipeline stack","url":"https://www.openagentskill.com/collections/web-data-pipeline","use_case":"web-scraping"}],"meta":{"timestamp":"2026-07-03T23:55:27.736Z","api_version":"1.0","total_skills_searched":20263,"blocked_candidates":5,"safety_policy":"Blocked candidates are excluded from recommendations. Verified and reviewed candidates receive ranking priority.","public_search_endpoint":"https://www.openagentskill.com/api/skills/search","agent_friendly":true}}