Skill audit report
Rules audit report.
Project CodeGuard is an AI model-agnostic security framework and ruleset that embeds secure-by-default practices into AI coding workflows (generation and review). It ships core security rules, translators for popular coding agents, and validators to test rule compliance.
OpenAgentSkill Trust Score
Stars, maintenance, license, docs, install safety, permission surface, and installability.
The Trust Score is OpenAgentSkill's adoption layer. It is designed to help an agent decide whether a skill is safe enough to shortlist before installation.
GitHub adoption
INFO62
409 GitHub stars
Stars/forks activity
INFO62
409 stars, 56 forks; issue activity unavailable in current metadata
Recent maintenance
INFO76
5mo since push
License clarity
WARN42
Unknown
README/SKILL.md completeness
PASS90
Metadata includes enough usage and workflow context
Dependency/runtime risk
PASS90
no major dependency risk hints in public metadata
Install availability
PASS92
npx skills add project-codeguard/rules
Install command safety
PASS92
standard package or runtime install path
Permission surface
PASS86
filesystem or document access
Repository evidence
PASS86
https://github.com/project-codeguard/rules
Review status
PASS88
AI review data available
Agent Proven outcomes
INFO54
No agent outcome data yet
Checks
Install and adoption review
Install path
92
npx skills add project-codeguard/rules
Repository
88
https://github.com/project-codeguard/rules
License
45
Unknown
Maintenance
76
5mo since push
AI review
88
Approved with no listed issues
README/SKILL.md completeness
90
Usable description available
Dependency risk
90
no major dependency risk hints in public metadata
Install command safety
92
standard package or runtime install path
Permission surface
86
filesystem or document access
Stars/forks activity
62
409 stars, 56 forks; issue activity unavailable in current metadata
Adoption
68
409 GitHub stars
Warnings
- License is unclear
- Quality score needs review
- License clarity: Unknown
Method
This report combines public metadata, AI review output, repository freshness, install readiness, OpenAgentSkill events, quality scoring, trust checks, and the agent safety gate. It is not a full source-code security review.
Compare nearby options