Skill audit report

Lunasec audit report.

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

EXPERIMENTAL · REVIEWNeeds reviewGenerated Jun 17, 2026Heuristic metadata audit

Audit

Trust

Quality

Security

Maintain

Install

OpenAgentSkill Trust Score

Strong shortlist

Stars, maintenance, license, docs, install safety, permission surface, and installability.

The Trust Score is OpenAgentSkill's adoption layer. It is designed to help an agent decide whether a skill is safe enough to shortlist before installation.

GitHub adoption

PASS

1.5K GitHub stars

Stars/forks activity

INFO

1.5K stars, 167 forks; issue activity unavailable in current metadata

Recent maintenance

FAIL

2y since push

License clarity

WARN

Unknown

README/SKILL.md completeness

PASS

Metadata includes enough usage and workflow context

Dependency/runtime risk

PASS

no major dependency risk hints in public metadata

Install availability

PASS

npx skills add lunasec-io/lunasec

Install command safety

PASS

standard package or runtime install path

Permission surface

PASS

filesystem or document access

Repository evidence

PASS

https://github.com/lunasec-io/lunasec

Review status

PASS

AI review data available

Checks

Install and adoption review

8 passed · 9 review

Install path

PASS

npx skills add lunasec-io/lunasec

Repository

PASS

https://github.com/lunasec-io/lunasec

License

CHECK

Unknown

Maintenance

FIX

2y since push

AI review

PASS

Approved with no listed issues

README/SKILL.md completeness

PASS

Usable description available

Dependency risk

PASS

no major dependency risk hints in public metadata

Install command safety

PASS

standard package or runtime install path

Permission surface

PASS

filesystem or document access

Stars/forks activity

CHECK

1.5K stars, 167 forks; issue activity unavailable in current metadata

Adoption

PASS

1.5K GitHub stars

Warnings

License is unclear
Repository appears stale
Repository looks stale
Quality score needs review
Recent maintenance: 2y since push
License clarity: Unknown

Method

This report combines public metadata, AI review output, repository freshness, install readiness, OpenAgentSkill events, quality scoring, trust checks, and the agent safety gate. It is not a full source-code security review.

Install path

Review the report before installing into production agents.

$ npx skills add lunasec-io/lunasec

Signals

Audit score: 70/100
Quality: 67/100
Trust: 80/100
Install safety: 92/100
Permission surface: 86/100
Maintenance: 2y since push
Events: No events yet
GitHub stars: 1.5K
Last push: May 2, 2024

Agent safety v2

54/100 · Avoid automatic install

Experimentalreview

Sparse or mixed signals. Useful for discovery, but not for autonomous installation.

Test manually in an isolated workspace and compare against safer alternatives.

License is unclear
54/100 agent safety score

Network access

medium

Skill likely fetches remote pages, APIs, repositories, or external services.

Filesystem access

medium

Skill may read or write project files, documents, generated artifacts, or local workspace state.

License is unclear

Back to skill Alternatives Audit badge SVG

Compare nearby options

Related skills to audit next

Caddy

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

73K stars · Audit report

Win11Debloat

A simple, lightweight PowerShell script that allows you to remove pre-installed apps, disable telemetry, as well as perform various other changes to declutter and customize your Windows experience. Win11Debloat works for both Windows 10 and Windows 11.

48K stars · Audit report

AdGuardHome

Network-wide ads & trackers blocking DNS server

35K stars · Audit report