Skill audit report

Trivy Action audit report.

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities

REVIEWED · REVIEWSafe to tryGenerated Jun 17, 2026Heuristic metadata audit

Audit

Trust

100

Quality

Security

100

Maintain

Install

OpenAgentSkill Trust Score

Production candidate

Stars, maintenance, license, docs, install safety, permission surface, and installability.

The Trust Score is OpenAgentSkill's adoption layer. It is designed to help an agent decide whether a skill is safe enough to shortlist before installation.

GitHub adoption

PASS

1.4K GitHub stars

Stars/forks activity

PASS

1.4K stars, 348 forks; issue activity unavailable in current metadata

Recent maintenance

PASS

100

2d since push

License clarity

PASS

Apache-2.0

README/SKILL.md completeness

PASS

Metadata includes enough usage and workflow context

Dependency/runtime risk

INFO

command execution surface, external package install surface

Install availability

PASS

npx skills add aquasecurity/trivy-action

Install command safety

PASS

standard package or runtime install path

Permission surface

INFO

shell or command execution, filesystem or document access

Repository evidence

PASS

https://github.com/aquasecurity/trivy-action

Review status

PASS

AI review data available

Checks

Install and adoption review

9 passed · 2 review

Install path

PASS

npx skills add aquasecurity/trivy-action

Repository

PASS

https://github.com/aquasecurity/trivy-action

License

PASS

Apache-2.0

Maintenance

100

PASS

2d since push

AI review

PASS

Approved with no listed issues

README/SKILL.md completeness

PASS

Usable description available

Dependency risk

CHECK

command execution surface, external package install surface

Install command safety

PASS

standard package or runtime install path

Permission surface

CHECK

shell or command execution, filesystem or document access

Stars/forks activity

PASS

1.4K stars, 348 forks; issue activity unavailable in current metadata

Adoption

PASS

1.4K GitHub stars

Warnings

No major warnings detected from available metadata.

Method

This report combines public metadata, AI review output, repository freshness, install readiness, OpenAgentSkill events, quality scoring, trust checks, and the agent safety gate. It is not a full source-code security review.

Install path

Review the report before installing into production agents.

$ npx skills add aquasecurity/trivy-action

Signals

Audit score: 93/100
Quality: 100/100
Trust: 90/100
Install safety: 92/100
Permission surface: 62/100
Maintenance: 2d since push
Events: 1 events
GitHub stars: 1.4K
Last push: Jun 15, 2026

Agent safety v2

65/100 · Review before install

Reviewed with permission notesreview

Usable candidate, but the agent should surface permission and audit notes before installation.

Require human approval before installing into a real workspace.

High-risk permission hints: Shell or command execution
65/100 agent safety score

Shell or command execution

high

Skill metadata references terminal, CLI, shell, subprocess, or command execution workflows.

Network access

medium

Skill likely fetches remote pages, APIs, repositories, or external services.

Filesystem access

medium

Skill may read or write project files, documents, generated artifacts, or local workspace state.

High-risk permission hints: Shell or command execution

Back to skill Alternatives Audit badge SVG

Compare nearby options

Related skills to audit next

Act

Run your GitHub Actions locally 🚀

71K stars · Audit report

Gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD

56K stars · Audit report

Goreleaser

Release engineering, simplified

16K stars · Audit report