Star0

Pre-install eval

Tokentap eval report.

A machine-readable install decision for agents: task fit, Trust Score, Audit Score, install safety, permission surface, and a concrete validation plan before this skill touches a workspace.

FailedHIGH RISKBLOCK POLICY
71
Eval
76
Trust
81
Audit
41
Safety

do not auto install

Agent safety gate: This skill should not be selected by an agent without explicit human security review.

Required gates

Checks an agent must pass before install

Open JSON

Task fit

84

pass

Task wording matches this skill metadata.

  • Evaluate Tokentap before installing it in an agent workflow
  • coding-agents
  • Coding agents workflows; Claude Code teams; teams that value GitHub adoption signals

Install path

92

pass

Install handoff is available.

  • npx skills add jmuncor/tokentap

Install command safety

92

pass

standard package or runtime install path

  • npx skills add jmuncor/tokentap

Trust score

76

warn

Good trust signals with a few areas worth checking before rollout.

  • Strong shortlist
  • 800 GitHub stars
  • MIT

Audit score

81

warn

Needs review

  • Dependency or permission surface needs review

Agent safety gate

41

fail

This skill should not be selected by an agent without explicit human security review.

  • Do not auto-install. Inspect the source, dependencies, and permission surface first.
  • Metadata combines secrets access with shell or command execution

License clarity

86

pass

MIT

  • MIT

Permission surface

22

fail

secrets or environment access, shell or command execution

  • Shell or command execution: high
  • Network access: medium
  • Filesystem access: medium

Validation plan

What the agent should do next

  1. 1Inspect repository, README/SKILL.md, license, and recent commits before production use.
  2. 2Install in an isolated workspace or sandbox with no production secrets available.
  3. 3Run the smallest representative task and record files touched, commands run, network access, and outputs.
  4. 4Compare the selected skill against at least one alternative when the eval status is review or failed.
  5. 5Promote only after the agent reports a successful verification result and unresolved warnings are accepted.

Do not use when

Conditions that require another skill

  • teams that need a vendor-supported SLA
  • high-compliance environments without internal security review
  • No major risk signals from current metadata
  • High-risk permission hints: Shell or command execution, Secrets or environment access
  • Dependency or permission surface needs review
  • Permission surface may require sandboxing

Supporting checks

Trust signals behind the decision

README/SKILL.md completeness

pass

100

Metadata includes enough usage and workflow context

Recent maintenance

pass

88

3mo since push

Alternatives available

pass

82

Alternative skills are available for comparison.