{"task":"Use Terraform Security Scan in an agent workflow","recommendations":[{"rank":1,"skill":"Terraform Security Scan","slug":"triat-terraform-security-scan","description":"Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec","confidence":"0.99","match_score":99,"raw_match_score":255.11787209068072,"match_label":"Strong task match","safety_adjusted_score":245.11787209068072,"install":"npx skills add triat/terraform-security-scan","repository":"https://github.com/triat/terraform-security-scan","stats":{"stars":112,"downloads":0,"rating":0,"quality_score":33.07},"quality":{"score":47,"tier":"review","label":"Needs review","summary":"Inspect the repository carefully before adding it to an agent workflow.","signals":[{"label":"GitHub stars","value":"112","tone":"neutral"},{"label":"Freshness","value":"2y ago","tone":"warning"},{"label":"Install ready","value":"Yes","tone":"positive"},{"label":"License","value":"MIT","tone":"neutral"}],"warnings":["Repository looks stale"]},"trust":{"version":"trust-score-v4","score":71,"tier":"review","label":"Manual review","summary":"Potentially useful, but at least one trust signal needs human inspection.","recommendedAction":"Inspect the repository, license, and recent activity before connecting it to agent workflows.","dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":62,"weight":0.13,"status":"info","detail":"112 GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":57,"weight":0.08,"status":"warn","detail":"112 stars, 29 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":38,"weight":0.14,"status":"fail","detail":"2y since push"},{"id":"license","label":"License clarity","score":86,"weight":0.09,"status":"pass","detail":"MIT"},{"id":"documentation","label":"README/SKILL.md completeness","score":90,"weight":0.14,"status":"pass","detail":"Metadata includes enough usage and workflow context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":72,"weight":0.12,"status":"info","detail":"command execution surface"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add triat/terraform-security-scan"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":62,"weight":0.07,"status":"info","detail":"shell or command execution, filesystem or document access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/triat/terraform-security-scan"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"},{"id":"agent_outcomes","label":"Agent Proven outcomes","score":54,"weight":0.13,"status":"info","detail":"No agent outcome data yet"}],"checks":[{"status":"info","label":"GitHub adoption","detail":"112 GitHub stars"},{"status":"warn","label":"Stars/forks activity","detail":"112 stars, 29 forks; issue activity unavailable in current metadata"},{"status":"fail","label":"Recent maintenance","detail":"2y since push"},{"status":"pass","label":"License clarity","detail":"MIT"},{"status":"pass","label":"README/SKILL.md completeness","detail":"Metadata includes enough usage and workflow context"},{"status":"info","label":"Dependency/runtime risk","detail":"command execution surface"},{"status":"pass","label":"Install availability","detail":"npx skills add triat/terraform-security-scan"},{"status":"pass","label":"Install command safety","detail":"standard package or runtime install path"},{"status":"info","label":"Permission surface","detail":"shell or command execution, filesystem or document access"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/triat/terraform-security-scan"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"info","label":"Agent Proven outcomes","detail":"No agent outcome data yet"},{"status":"warn","label":"Ownership","detail":"No approved owner claim yet"},{"status":"info","label":"OpenAgentSkill usage","detail":"No local usage activity yet"},{"status":"info","label":"Agent outcomes","detail":"No agent outcome data yet"}],"strengths":["AI review approved","Install path is available","Repository evidence is available","Install command has no obvious high-risk pattern"],"warnings":["Repository looks stale","Quality score needs review","Stars/forks activity: 112 stars, 29 forks; issue activity unavailable in current metadata","Recent maintenance: 2y since push"],"evidence":{"stars":"112 GitHub stars","repoActivity":"112 stars, 29 forks","lastPushed":"2y since push","license":"MIT","repository":"https://github.com/triat/terraform-security-scan","install":"npx skills add triat/terraform-security-scan","installSafety":"standard package or runtime install path","permissionSurface":"shell or command execution, filesystem or document access","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"},"installReadiness":{"ready":true,"command":"npx skills add triat/terraform-security-scan","policy":"human_review_before_install","label":"Human review before install","notes":["Install path is available","Repository evidence is available","License is declared","No Agent Proven outcome evidence yet","2y since push"]},"agentCompatibility":["Shell","Compliance","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"medium","label":"Review before production","notes":["Repository looks stale","Quality score needs review","Stars/forks activity: 112 stars, 29 forks; issue activity unavailable in current metadata","Recent maintenance: 2y since push"]},"outcomeEvidence":{"total":0,"successes":0,"failures":0,"notRelevant":0,"successRate":null,"installAttempts":0,"riskBlocked":0,"setupRequired":0,"installSuccessRate":null,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"recentSuccessRate":null,"recentFailureRate":null,"uniqueAgents":0,"agentProvenScore":0,"agentProvenLabel":"Needs first agent run","lastOutcomeAt":null,"label":"No agent outcome data yet"},"autoInstall":{"allowed":false,"sandboxRequired":true,"policy":"human_review_before_install","reason":"Human review or sandbox validation is required before automatic installation."},"bestFor":["security","compliance","actions","aws","azure","ci"],"doNotUseFor":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface","Automatic installation in a production workspace"],"knownRisks":["Repository looks stale","Quality score needs review","Stars/forks activity: 112 stars, 29 forks; issue activity unavailable in current metadata","Recent maintenance: 2y since push"]},"safety":{"score":36,"level":"avoid_auto_install","label":"Avoid automatic install","safety_tier":{"tier":"experimental","label":"Experimental","badge":"EXPERIMENTAL","summary":"Sparse or mixed signals. Useful for discovery, but not for autonomous installation.","recommended_action":"Test manually in an isolated workspace and compare against safer alternatives.","auto_install_policy":"review","reasons":["High-risk permission hints: Shell or command execution","36/100 agent safety score"]},"auto_install_allowed":false,"human_review_required":true,"blocked":false,"audit_risk":"needs_review","permission_hints":[{"id":"shell","label":"Shell or command execution","reason":"Skill metadata references terminal, CLI, shell, subprocess, or command execution workflows.","severity":"high"},{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"}],"policy_warnings":["High-risk permission hints: Shell or command execution","Repository appears stale"],"constraints_applied":{"max_risk":"medium","needs_install_command":true,"min_stars":0}},"safety_gate":{"tier":"experimental","label":"Experimental","badge":"EXPERIMENTAL","auto_install_policy":"review","auto_install_allowed":false,"human_review_required":true,"blocked":false,"recommended_action":"Test manually in an isolated workspace and compare against safer alternatives.","reasons":["High-risk permission hints: Shell or command execution","36/100 agent safety score"]},"supply_profile":{"track":{"slug":"coding","label":"Coding and developer agents","shortLabel":"Coding","description":"Code review, repo analysis, testing, CI, GitHub, DevOps, and developer workflow skills."},"scenario":{"label":"GitHub automation","description":"I need my agent to triage GitHub issues, review pull requests, and summarize repository changes.","useCases":[{"slug":"github-automation","title":"GitHub automation"},{"slug":"security-compliance","title":"Security and compliance"},{"slug":"coding-agents","title":"Coding agents"}]},"applicableAgents":["Claude Code","CLI","Codex","Cursor","Shell"],"install":{"ready":true,"command":"npx skills add triat/terraform-security-scan","primaryTarget":"CLI","targetCount":4},"githubQuality":{"stars":112,"starsLabel":"112","forks":29,"license":"MIT","qualityScore":47,"trustScore":71,"auditScore":64},"maintenance":{"status":"stale","label":"2y since push","daysSincePush":632,"lastPushedAt":"2024-10-09T06:55:36+00:00"},"risk":{"level":"needs_review","label":"Needs review","requiresReview":true,"notes":["Repository appears stale","Repository looks stale","Quality score needs review","Stars/forks activity: 112 stars, 29 forks; issue activity unavailable in current metadata","Recent maintenance: 2y since push"]},"coverageTags":["Coding","GitHub automation","security","compliance","actions","aws","azure","ci"]},"audit":{"audit_score":64,"risk_level":"needs_review","risk_label":"Needs review","warnings":["Repository appears stale","Repository looks stale","Quality score needs review","Stars/forks activity: 112 stars, 29 forks; issue activity unavailable in current metadata"]},"install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add triat/terraform-security-scan","description":"Use the registry command when your workflow supports the OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"Terraform Security Scan\" agent skill from https://github.com/triat/terraform-security-scan. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"Terraform Security Scan\" as a Claude Code skill from https://github.com/triat/terraform-security-scan. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"Terraform Security Scan\" from https://github.com/triat/terraform-security-scan into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"urls":{"web":"https://www.openagentskill.com/skills/triat-terraform-security-scan","api":"https://www.openagentskill.com/api/agent/skills/triat-terraform-security-scan","install_api":"https://www.openagentskill.com/api/skills/triat-terraform-security-scan/install","audit":"https://www.openagentskill.com/skills/triat-terraform-security-scan/audit","repository":"https://github.com/triat/terraform-security-scan"},"decision":{"readiness_score":37,"readiness_label":"Needs manual review","headline":"Needs validation for GitHub automation","role":"Needs validation","adoption_stage":"Review","primary_fit":"GitHub automation","best_for":["GitHub automation workflows","Claude Code teams","builders willing to evaluate younger projects"],"risks":["Repository looks stale","No OpenAgentSkill engagement data yet"],"proof_points":["install command or GitHub repo available","47/100 quality profile"],"next_steps":["Install it in a sandbox agent and run one GitHub automation task end to end.","Compare output quality, latency, and failure behavior against at least one alternative.","Promote it into production only after reviewing repository permissions, license, and maintenance signals."]},"use_cases":[{"slug":"github-automation","title":"GitHub automation","url":"https://www.openagentskill.com/use-cases/github-automation"},{"slug":"security-compliance","title":"Security and compliance","url":"https://www.openagentskill.com/use-cases/security-compliance"}],"recommendation_reasons":["Matches task terms: use, terraform, security, scan","Install handoff is available","Repository freshness signal is available","Registry match score 99"],"reasoning":"Strong task match. Evidence: 33 quality score. Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec"},{"rank":2,"skill":"User Scanner","slug":"kaifcodec-user-scanner","description":"🕵️‍♂️ (2-in-1) Email & Username OSINT suite for deep data extraction. Analyzes 240+ scan vectors (100+ email / 140+ username) for security research, investigations, and digital footprinting.","confidence":"0.86","match_score":86,"raw_match_score":221.86703815900108,"match_label":"Good task match","safety_adjusted_score":243.86703815900108,"install":"npx skills add kaifcodec/user-scanner","repository":"https://github.com/kaifcodec/user-scanner","stats":{"stars":2174,"downloads":0,"rating":0,"quality_score":65.06},"quality":{"score":100,"tier":"excellent","label":"Excellent","summary":"High-confidence pick with strong adoption and healthy maintenance signals.","signals":[{"label":"GitHub stars","value":"2.2K","tone":"positive"},{"label":"Freshness","value":"21d ago","tone":"positive"},{"label":"Install ready","value":"Yes","tone":"positive"},{"label":"License","value":"MIT","tone":"neutral"}],"warnings":[]},"trust":{"version":"trust-score-v4","score":91,"tier":"production","label":"Production candidate","summary":"Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability.","recommendedAction":"Shortlist for production use, then run a normal repository and dependency review.","dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":86,"weight":0.13,"status":"pass","detail":"2.2K GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":77,"weight":0.08,"status":"info","detail":"2.2K stars, 237 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":100,"weight":0.14,"status":"pass","detail":"21d since push"},{"id":"license","label":"License clarity","score":86,"weight":0.09,"status":"pass","detail":"MIT"},{"id":"documentation","label":"README/SKILL.md completeness","score":90,"weight":0.14,"status":"pass","detail":"Metadata includes enough usage and workflow context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":90,"weight":0.12,"status":"pass","detail":"no major dependency risk hints in public metadata"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add kaifcodec/user-scanner"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":86,"weight":0.07,"status":"pass","detail":"filesystem or document access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/kaifcodec/user-scanner"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"},{"id":"agent_outcomes","label":"Agent Proven outcomes","score":54,"weight":0.13,"status":"info","detail":"No agent outcome data yet"}],"checks":[{"status":"pass","label":"GitHub adoption","detail":"2.2K GitHub stars"},{"status":"info","label":"Stars/forks activity","detail":"2.2K stars, 237 forks; issue activity unavailable in current metadata"},{"status":"pass","label":"Recent maintenance","detail":"21d since push"},{"status":"pass","label":"License clarity","detail":"MIT"},{"status":"pass","label":"README/SKILL.md completeness","detail":"Metadata includes enough usage and workflow context"},{"status":"pass","label":"Dependency/runtime risk","detail":"no major dependency risk hints in public metadata"},{"status":"pass","label":"Install availability","detail":"npx skills add kaifcodec/user-scanner"},{"status":"pass","label":"Install command safety","detail":"standard package or runtime install path"},{"status":"pass","label":"Permission surface","detail":"filesystem or document access"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/kaifcodec/user-scanner"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"info","label":"Agent Proven outcomes","detail":"No agent outcome data yet"},{"status":"pass","label":"Ownership","detail":"Listing manually verified"},{"status":"info","label":"OpenAgentSkill usage","detail":"No local usage activity yet"},{"status":"info","label":"Agent outcomes","detail":"No agent outcome data yet"}],"strengths":["Manually verified listing","AI review approved","Install path is available","Repository evidence is available","Recently maintained repository","Meaningful GitHub adoption signal","Install command has no obvious high-risk pattern"],"warnings":[],"evidence":{"stars":"2.2K GitHub stars","repoActivity":"2.2K stars, 237 forks","lastPushed":"21d since push","license":"MIT","repository":"https://github.com/kaifcodec/user-scanner","install":"npx skills add kaifcodec/user-scanner","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"},"installReadiness":{"ready":true,"command":"npx skills add kaifcodec/user-scanner","policy":"agent_install_candidate","label":"Agent install candidate","notes":["Install path is available","Repository evidence is available","License is declared","No Agent Proven outcome evidence yet","21d since push"]},"agentCompatibility":["Python","OSINT","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"low","label":"Low metadata risk","notes":["No major trust warnings detected from available metadata"]},"outcomeEvidence":{"total":0,"successes":0,"failures":0,"notRelevant":0,"successRate":null,"installAttempts":0,"riskBlocked":0,"setupRequired":0,"installSuccessRate":null,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"recentSuccessRate":null,"recentFailureRate":null,"uniqueAgents":0,"agentProvenScore":0,"agentProvenLabel":"Needs first agent run","lastOutcomeAt":null,"label":"No agent outcome data yet"},"autoInstall":{"allowed":true,"sandboxRequired":true,"policy":"agent_install_candidate","reason":"Trust Score v4 allows sandbox-first agent installation after normal workspace review."},"bestFor":["security","osint","research","cybersecurity","cybersecurity-tools","email-osint"],"doNotUseFor":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"knownRisks":[]},"safety":{"score":86,"level":"safe_to_install","label":"Safe to install with normal review","safety_tier":{"tier":"verified","label":"Verified","badge":"VERIFIED","summary":"Strong metadata, audit, install, and review signals. Suitable for agent shortlists after normal workspace review.","recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","auto_install_policy":"allow","reasons":["Verified listing","Safe-to-try audit","86/100 agent safety score"]},"auto_install_allowed":true,"human_review_required":false,"blocked":false,"audit_risk":"safe_to_try","permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"}],"policy_warnings":[],"constraints_applied":{"max_risk":"medium","needs_install_command":true,"min_stars":0}},"safety_gate":{"tier":"verified","label":"Verified","badge":"VERIFIED","auto_install_policy":"allow","auto_install_allowed":true,"human_review_required":false,"blocked":false,"recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","reasons":["Verified listing","Safe-to-try audit","86/100 agent safety score"]},"supply_profile":{"track":{"slug":"research","label":"Research and knowledge work","shortLabel":"Research","description":"Deep research, source comparison, literature review, RAG, knowledge search, and reports."},"scenario":{"label":"RAG and knowledge","description":"I need my agent to build a RAG workflow over documents and retrieve reliable context.","useCases":[{"slug":"rag-knowledge","title":"RAG and knowledge"},{"slug":"coding-agents","title":"Coding agents"},{"slug":"workflow-automation","title":"Workflow automation"}]},"applicableAgents":["Claude Code","CLI","Codex","Cursor","Python"],"install":{"ready":true,"command":"npx skills add kaifcodec/user-scanner","primaryTarget":"CLI","targetCount":4},"githubQuality":{"stars":2174,"starsLabel":"2.2K","forks":237,"license":"MIT","qualityScore":100,"trustScore":91,"auditScore":94},"maintenance":{"status":"fresh","label":"21d since push","daysSincePush":21,"lastPushedAt":"2026-06-12T13:53:52+00:00"},"risk":{"level":"safe_to_try","label":"Safe to try","requiresReview":false,"notes":["No major risk signals from available metadata"]},"coverageTags":["Research","RAG and knowledge","security","osint","cybersecurity","cybersecurity-tools","email-osint","enumeration"]},"audit":{"audit_score":94,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":[]},"install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add kaifcodec/user-scanner","description":"Use the registry command when your workflow supports the OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"User Scanner\" agent skill from https://github.com/kaifcodec/user-scanner. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: 🕵️‍♂️ (2-in-1) Email & Username OSINT suite for deep data extraction. Analyzes 240+ scan vectors (100+ email / 140+ username) for security research, investigations, and digital footprinting.","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"User Scanner\" as a Claude Code skill from https://github.com/kaifcodec/user-scanner. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: 🕵️‍♂️ (2-in-1) Email & Username OSINT suite for deep data extraction. Analyzes 240+ scan vectors (100+ email / 140+ username) for security research, investigations, and digital footprinting.","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"User Scanner\" from https://github.com/kaifcodec/user-scanner into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: 🕵️‍♂️ (2-in-1) Email & Username OSINT suite for deep data extraction. Analyzes 240+ scan vectors (100+ email / 140+ username) for security research, investigations, and digital footprinting.","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"urls":{"web":"https://www.openagentskill.com/skills/kaifcodec-user-scanner","api":"https://www.openagentskill.com/api/agent/skills/kaifcodec-user-scanner","install_api":"https://www.openagentskill.com/api/skills/kaifcodec-user-scanner/install","audit":"https://www.openagentskill.com/skills/kaifcodec-user-scanner/audit","repository":"https://github.com/kaifcodec/user-scanner"},"decision":{"readiness_score":100,"readiness_label":"Production-ready","headline":"Primary pick for RAG and knowledge","role":"Primary pick","adoption_stage":"Adopt","primary_fit":"RAG and knowledge","best_for":["RAG and knowledge workflows","Claude Code teams","teams that value GitHub adoption signals"],"risks":["No OpenAgentSkill engagement data yet"],"proof_points":["2,174 GitHub stars","recent repository activity","install command or GitHub repo available","100/100 quality profile"],"next_steps":["Install it in a sandbox agent and run one RAG and knowledge task end to end.","Compare output quality, latency, and failure behavior against at least one alternative.","Promote it into production only after reviewing repository permissions, license, and maintenance signals."]},"use_cases":[{"slug":"rag-knowledge","title":"RAG and knowledge","url":"https://www.openagentskill.com/use-cases/rag-knowledge"},{"slug":"coding-agents","title":"Coding agents","url":"https://www.openagentskill.com/use-cases/coding-agents"}],"recommendation_reasons":["Matches task terms: use, security, scan, agent","Useful GitHub adoption: 2,174 stars","Install handoff is available","Repository freshness signal is available","Registry match score 86"],"reasoning":"Good task match. Evidence: verified author, 65 quality score. 🕵️‍♂️ (2-in-1) Email & Username OSINT suite for deep data extraction. Analyzes 240+ scan vectors (100+ email / 140+ username) for security research, investigations, and digital footprinting."},{"rank":3,"skill":"Osv Scanner","slug":"google-osv-scanner","description":"Vulnerability scanner written in Go which uses the data provided by https://osv.dev","confidence":"0.86","match_score":86,"raw_match_score":220.50150375255822,"match_label":"Good task match","safety_adjusted_score":242.50150375255822,"install":"npx skills add google/osv-scanner","repository":"https://github.com/google/osv-scanner","stats":{"stars":10553,"downloads":0,"rating":0,"quality_score":71.36},"quality":{"score":100,"tier":"excellent","label":"Excellent","summary":"High-confidence pick with strong adoption and healthy maintenance signals.","signals":[{"label":"GitHub stars","value":"11K","tone":"positive"},{"label":"Freshness","value":"13d ago","tone":"positive"},{"label":"Install ready","value":"Yes","tone":"positive"},{"label":"License","value":"Apache-2.0","tone":"neutral"}],"warnings":[]},"trust":{"version":"trust-score-v4","score":93,"tier":"production","label":"Production candidate","summary":"Strong OpenAgentSkill Trust Score across adoption, recent maintenance, license clarity, documentation, dependency/runtime risk, install safety, permission surface, and install availability.","recommendedAction":"Shortlist for production use, then run a normal repository and dependency review.","dimensions":[{"id":"github_adoption","label":"GitHub adoption","score":100,"weight":0.13,"status":"pass","detail":"11K GitHub stars"},{"id":"repo_activity","label":"Stars/forks activity","score":92,"weight":0.08,"status":"pass","detail":"11K stars, 728 forks; issue activity unavailable in current metadata"},{"id":"maintenance","label":"Recent maintenance","score":100,"weight":0.14,"status":"pass","detail":"13d since push"},{"id":"license","label":"License clarity","score":86,"weight":0.09,"status":"pass","detail":"Apache-2.0"},{"id":"documentation","label":"README/SKILL.md completeness","score":90,"weight":0.14,"status":"pass","detail":"Metadata includes enough usage and workflow context"},{"id":"dependency_risk","label":"Dependency/runtime risk","score":90,"weight":0.12,"status":"pass","detail":"no major dependency risk hints in public metadata"},{"id":"installability","label":"Install availability","score":92,"weight":0.1,"status":"pass","detail":"npx skills add google/osv-scanner"},{"id":"install_safety","label":"Install command safety","score":92,"weight":0.1,"status":"pass","detail":"standard package or runtime install path"},{"id":"permission_surface","label":"Permission surface","score":86,"weight":0.07,"status":"pass","detail":"filesystem or document access"},{"id":"repository","label":"Repository evidence","score":86,"weight":0.04,"status":"pass","detail":"https://github.com/google/osv-scanner"},{"id":"review_status","label":"Review status","score":88,"weight":0.05,"status":"pass","detail":"AI review data available"},{"id":"agent_outcomes","label":"Agent Proven outcomes","score":54,"weight":0.13,"status":"info","detail":"No agent outcome data yet"}],"checks":[{"status":"pass","label":"GitHub adoption","detail":"11K GitHub stars"},{"status":"pass","label":"Stars/forks activity","detail":"11K stars, 728 forks; issue activity unavailable in current metadata"},{"status":"pass","label":"Recent maintenance","detail":"13d since push"},{"status":"pass","label":"License clarity","detail":"Apache-2.0"},{"status":"pass","label":"README/SKILL.md completeness","detail":"Metadata includes enough usage and workflow context"},{"status":"pass","label":"Dependency/runtime risk","detail":"no major dependency risk hints in public metadata"},{"status":"pass","label":"Install availability","detail":"npx skills add google/osv-scanner"},{"status":"pass","label":"Install command safety","detail":"standard package or runtime install path"},{"status":"pass","label":"Permission surface","detail":"filesystem or document access"},{"status":"pass","label":"Repository evidence","detail":"https://github.com/google/osv-scanner"},{"status":"pass","label":"Review status","detail":"AI review data available"},{"status":"info","label":"Agent Proven outcomes","detail":"No agent outcome data yet"},{"status":"pass","label":"Ownership","detail":"Listing manually verified"},{"status":"info","label":"OpenAgentSkill usage","detail":"No local usage activity yet"},{"status":"info","label":"Agent outcomes","detail":"No agent outcome data yet"}],"strengths":["Manually verified listing","AI review approved","Install path is available","Repository evidence is available","Recently maintained repository","Large GitHub adoption signal","Install command has no obvious high-risk pattern"],"warnings":[],"evidence":{"stars":"11K GitHub stars","repoActivity":"11K stars, 728 forks","lastPushed":"13d since push","license":"Apache-2.0","repository":"https://github.com/google/osv-scanner","install":"npx skills add google/osv-scanner","installSafety":"standard package or runtime install path","permissionSurface":"filesystem or document access","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"},"installReadiness":{"ready":true,"command":"npx skills add google/osv-scanner","policy":"agent_install_candidate","label":"Agent install candidate","notes":["Install path is available","Repository evidence is available","License is declared","No Agent Proven outcome evidence yet","13d since push"]},"agentCompatibility":["Go","Security","Codex","Claude Code","Cursor","OpenAgentSkill CLI"],"riskSummary":{"level":"low","label":"Low metadata risk","notes":["No major trust warnings detected from available metadata"]},"outcomeEvidence":{"total":0,"successes":0,"failures":0,"notRelevant":0,"successRate":null,"installAttempts":0,"riskBlocked":0,"setupRequired":0,"installSuccessRate":null,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"recentSuccessRate":null,"recentFailureRate":null,"uniqueAgents":0,"agentProvenScore":0,"agentProvenLabel":"Needs first agent run","lastOutcomeAt":null,"label":"No agent outcome data yet"},"autoInstall":{"allowed":true,"sandboxRequired":true,"policy":"agent_install_candidate","reason":"Trust Score v4 allows sandbox-first agent installation after normal workspace review."},"bestFor":["security","vulnerability-scanner","scanner","security-audit","security-tools","go"],"doNotUseFor":["Production credentials, payments, or irreversible account changes without explicit human review","Sensitive private data before reviewing repository code, license, and permission surface"],"knownRisks":[]},"safety":{"score":87,"level":"safe_to_install","label":"Safe to install with normal review","safety_tier":{"tier":"verified","label":"Verified","badge":"VERIFIED","summary":"Strong metadata, audit, install, and review signals. Suitable for agent shortlists after normal workspace review.","recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","auto_install_policy":"allow","reasons":["Verified listing","Safe-to-try audit","87/100 agent safety score"]},"auto_install_allowed":true,"human_review_required":false,"blocked":false,"audit_risk":"safe_to_try","permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"}],"policy_warnings":[],"constraints_applied":{"max_risk":"medium","needs_install_command":true,"min_stars":0}},"safety_gate":{"tier":"verified","label":"Verified","badge":"VERIFIED","auto_install_policy":"allow","auto_install_allowed":true,"human_review_required":false,"blocked":false,"recommended_action":"Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.","reasons":["Verified listing","Safe-to-try audit","87/100 agent safety score"]},"supply_profile":{"track":{"slug":"coding","label":"Coding and developer agents","shortLabel":"Coding","description":"Code review, repo analysis, testing, CI, GitHub, DevOps, and developer workflow skills."},"scenario":{"label":"Coding agents","description":"I need a coding agent that can understand a repository, edit code, and review pull requests.","useCases":[{"slug":"security-compliance","title":"Security and compliance"},{"slug":"coding-agents","title":"Coding agents"},{"slug":"rag-knowledge","title":"RAG and knowledge"}]},"applicableAgents":["Claude Code","CLI","Codex","Cursor","Go"],"install":{"ready":true,"command":"npx skills add google/osv-scanner","primaryTarget":"CLI","targetCount":4},"githubQuality":{"stars":10553,"starsLabel":"11K","forks":728,"license":"Apache-2.0","qualityScore":100,"trustScore":93,"auditScore":95},"maintenance":{"status":"fresh","label":"13d since push","daysSincePush":13,"lastPushedAt":"2026-06-20T21:19:43+00:00"},"risk":{"level":"safe_to_try","label":"Safe to try","requiresReview":false,"notes":["No major risk signals from available metadata"]},"coverageTags":["Coding","Coding agents","security","vulnerability-scanner","scanner","security-audit","security-tools","go"]},"audit":{"audit_score":95,"risk_level":"safe_to_try","risk_label":"Safe to try","warnings":[]},"install_targets":[{"id":"openagentskill-cli","label":"CLI","title":"OpenAgentSkill CLI","kind":"command","value":"npx skills add google/osv-scanner","description":"Use the registry command when your workflow supports the OpenAgentSkill installer.","copyLabel":"Copy command"},{"id":"codex","label":"Codex","title":"Codex install prompt","kind":"agent-prompt","value":"Install the \"Osv Scanner\" agent skill from https://github.com/google/osv-scanner. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Vulnerability scanner written in Go which uses the data provided by https://osv.dev","description":"Give Codex a repo-aware install prompt when the skill is not available through a local CLI.","copyLabel":"Copy prompt"},{"id":"claude-code","label":"Claude Code","title":"Claude Code skill prompt","kind":"agent-prompt","value":"Add \"Osv Scanner\" as a Claude Code skill from https://github.com/google/osv-scanner. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Vulnerability scanner written in Go which uses the data provided by https://osv.dev","description":"Use this prompt to ask Claude Code to add the skill and explain the local activation steps.","copyLabel":"Copy prompt"},{"id":"cursor","label":"Cursor","title":"Cursor rule prompt","kind":"agent-prompt","value":"Turn \"Osv Scanner\" from https://github.com/google/osv-scanner into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Vulnerability scanner written in Go which uses the data provided by https://osv.dev","description":"Use this when installing as Cursor project rules or reusable agent instructions.","copyLabel":"Copy prompt"}],"urls":{"web":"https://www.openagentskill.com/skills/google-osv-scanner","api":"https://www.openagentskill.com/api/agent/skills/google-osv-scanner","install_api":"https://www.openagentskill.com/api/skills/google-osv-scanner/install","audit":"https://www.openagentskill.com/skills/google-osv-scanner/audit","repository":"https://github.com/google/osv-scanner"},"decision":{"readiness_score":100,"readiness_label":"Production-ready","headline":"Primary pick for Security and compliance","role":"Primary pick","adoption_stage":"Adopt","primary_fit":"Security and compliance","best_for":["Security and compliance workflows","Claude Code teams","teams that value GitHub adoption signals"],"risks":["No OpenAgentSkill engagement data yet"],"proof_points":["10,553 GitHub stars","recent repository activity","install command or GitHub repo available","100/100 quality profile"],"next_steps":["Install it in a sandbox agent and run one Security and compliance task end to end.","Compare output quality, latency, and failure behavior against at least one alternative.","Promote it into production only after reviewing repository permissions, license, and maintenance signals."]},"use_cases":[{"slug":"security-compliance","title":"Security and compliance","url":"https://www.openagentskill.com/use-cases/security-compliance"},{"slug":"coding-agents","title":"Coding agents","url":"https://www.openagentskill.com/use-cases/coding-agents"}],"recommendation_reasons":["Matches task terms: use, security, scan, agent","Strong GitHub adoption: 10,553 stars","Quality score 71/100","Install handoff is available","Repository freshness signal is available"],"reasoning":"Good task match. Evidence: 11K GitHub stars, verified author, 71 quality score. Vulnerability scanner written in Go which uses the data provided by https://osv.dev"}],"blocked_candidates":[{"slug":"he1m4n6a-btscan","name":"BtScan","match_score":71,"raw_match_score":182.30072498419048,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Audit risk exceeds the requested agent policy","Audit classified this skill as risky","Audit risk risky exceeds max_risk=medium"]},"url":"https://www.openagentskill.com/skills/he1m4n6a-btscan/audit"},{"slug":"rassec-yandi-scanner","name":"Yandi Scanner","match_score":71,"raw_match_score":182.21183195690767,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Audit risk exceeds the requested agent policy","Audit classified this skill as risky","Audit risk risky exceeds max_risk=medium"]},"url":"https://www.openagentskill.com/skills/rassec-yandi-scanner/audit"},{"slug":"dicklesworthstone-coding-agent-account-manager","name":"Coding Agent Account Manager","match_score":59,"raw_match_score":152.16951634560496,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Metadata combines secrets access with shell or command execution","High-risk permission hints: Shell or command execution, Secrets or environment access"]},"url":"https://www.openagentskill.com/skills/dicklesworthstone-coding-agent-account-manager/audit"},{"slug":"pushpenderindia-subdover","name":"Subdover","match_score":59,"raw_match_score":152.0932919151466,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Audit risk exceeds the requested agent policy","Audit classified this skill as risky","Audit risk risky exceeds max_risk=medium"]},"url":"https://www.openagentskill.com/skills/pushpenderindia-subdover/audit"},{"slug":"zt2-sqli-hunter","name":"Sqli Hunter","match_score":58,"raw_match_score":148.69395158541346,"safety_gate":{"tier":"blocked","label":"Blocked for auto-install","badge":"BLOCKED","summary":"This skill should not be selected by an agent without explicit human security review.","recommended_action":"Do not auto-install. Inspect the source, dependencies, and permission surface first.","auto_install_policy":"block","reasons":["Audit risk exceeds the requested agent policy","Audit classified this skill as risky","Audit risk risky exceeds max_risk=medium"]},"url":"https://www.openagentskill.com/skills/zt2-sqli-hunter/audit"}],"suggested_composition":{"name":"triat-terraform-security-scan-agent-stack","description":"Start with Terraform Security Scan, then add User Scanner + Osv Scanner only if the workflow needs extra coverage.","skills":["triat-terraform-security-scan","kaifcodec-user-scanner","google-osv-scanner"],"steps":["Prototype the task with Terraform Security Scan as the primary skill.","Add the second skill only if the first one leaves a capability gap.","Keep the third skill as a fallback during evaluation instead of installing everything at once."]},"suggested_stacks":[{"slug":"research-report-agent","name":"Research report agent stack","url":"https://www.openagentskill.com/collections/research-report-agent","use_case":"research-agents"},{"slug":"web-data-pipeline","name":"Web data pipeline stack","url":"https://www.openagentskill.com/collections/web-data-pipeline","use_case":"web-scraping"}],"meta":{"timestamp":"2026-07-03T23:11:40.722Z","api_version":"1.0","total_skills_searched":20263,"blocked_candidates":5,"safety_policy":"Blocked candidates are excluded from recommendations. Verified and reviewed candidates receive ranking priority.","public_search_endpoint":"https://www.openagentskill.com/api/skills/search","agent_friendly":true}}