Skill audit report
Coca audit report.
Coca is a toolbox which is design for legacy system refactoring and analysis, includes call graph, concept analysis, api tree, design patterns suggest. Coca 是一个用于系统重构、系统迁移和系统分析的工具箱。它可以分析代码中的测试坏味道、模块化分析、行数统计、分析调用与依赖、Git 分析以及自动化重构等。
OpenAgentSkill Trust Score
Stars, maintenance, license, docs, install safety, permission surface, and installability.
The Trust Score is OpenAgentSkill's adoption layer. It is designed to help an agent decide whether a skill is safe enough to shortlist before installation.
GitHub adoption
INFO76
988 GitHub stars
Stars/forks activity
INFO71
988 stars, 116 forks; issue activity unavailable in current metadata
Recent maintenance
INFO76
6mo since push
License clarity
PASS86
MPL-2.0
README/SKILL.md completeness
PASS90
Metadata includes enough usage and workflow context
Dependency/runtime risk
PASS82
network or browser surface
Install availability
PASS92
npx skills add phodal/coca
Install command safety
PASS92
standard package or runtime install path
Permission surface
INFO72
filesystem or document access, network or browser access
Repository evidence
PASS86
https://github.com/phodal/coca
Review status
PASS88
AI review data available
Agent Proven outcomes
INFO54
No agent outcome data yet
Checks
Install and adoption review
Install path
92
npx skills add phodal/coca
Repository
88
https://github.com/phodal/coca
License
86
MPL-2.0
Maintenance
76
6mo since push
AI review
88
Approved with no listed issues
README/SKILL.md completeness
90
Usable description available
Dependency risk
82
network or browser surface
Install command safety
92
standard package or runtime install path
Permission surface
72
filesystem or document access, network or browser access
Stars/forks activity
71
988 stars, 116 forks; issue activity unavailable in current metadata
Adoption
88
988 GitHub stars
Warnings
- Quality score needs review
Method
This report combines public metadata, AI review output, repository freshness, install readiness, OpenAgentSkill events, quality scoring, trust checks, and the agent safety gate. It is not a full source-code security review.
Compare nearby options