Pre-install eval

Medusa Extender eval report.

A machine-readable install decision for agents: task fit, Trust Score, Audit Score, install safety, permission surface, and a concrete validation plan before this skill touches a workspace.

FailedHIGH RISKBLOCK POLICY
58
Eval
68
Trust
62
Audit
30
Safety

do not auto install

Permission surface: shell or command execution, filesystem or document access

Required gates

Checks an agent must pass before install

Open JSON

Task fit

94

pass

Task wording matches this skill metadata.

  • Evaluate Medusa Extender before installing it in an agent workflow
  • commerce-automation
  • Coding agents workflows; Claude Code teams; builders willing to evaluate younger projects

Install path

92

pass

Install handoff is available.

  • npx skills add adrien2p/medusa-extender

Install command safety

92

pass

standard package or runtime install path

  • npx skills add adrien2p/medusa-extender

Trust score

68

warn

Potentially useful, but at least one trust signal needs human inspection.

  • Manual review
  • 348 GitHub stars
  • MIT

Audit score

62

warn

Needs review

  • Permission surface may require sandboxing

Agent safety gate

30

warn

Sparse or mixed signals. Useful for discovery, but not for autonomous installation.

  • Test manually in an isolated workspace and compare against safer alternatives.
  • High-risk permission hints: Shell or command execution

License clarity

86

pass

MIT

  • MIT

Permission surface

48

fail

shell or command execution, filesystem or document access

  • Shell or command execution: high
  • Browser automation: medium
  • Network access: medium

Validation plan

What the agent should do next

  1. 1Inspect repository, README/SKILL.md, license, and recent commits before production use.
  2. 2Install in an isolated workspace or sandbox with no production secrets available.
  3. 3Run the smallest representative task and record files touched, commands run, network access, and outputs.
  4. 4Compare the selected skill against at least one alternative when the eval status is review or failed.
  5. 5Promote only after the agent reports a successful verification result and unresolved warnings are accepted.

Do not use when

Conditions that require another skill

  • teams that require actively maintained dependencies
  • production agents without a repository review
  • Repository looks stale
  • High-risk permission hints: Shell or command execution
  • Permission surface may require sandboxing
  • Repository appears stale

Supporting checks

Trust signals behind the decision

README/SKILL.md completeness

pass

90

Metadata includes enough usage and workflow context

Recent maintenance

fail

22

2y since push

Alternatives available

pass

82

Alternative skills are available for comparison.