Pre-install eval

Curlie eval report.

A machine-readable install decision for agents: task fit, Trust Score, Audit Score, install safety, permission surface, and a concrete validation plan before this skill touches a workspace.

FailedHIGH RISKBLOCK POLICY

Eval

Trust

Audit

Safety

do not auto install

Permission surface: shell or command execution, filesystem or document access

Required gates

Checks an agent must pass before install

Open JSON

Task fit

pass

Task wording matches this skill metadata.

Evaluate Curlie before installing it in an agent workflow
coding-agents
Coding agents workflows; Claude Code teams; teams that value GitHub adoption signals

Install path

pass

Install handoff is available.

npx skills add rs/curlie

Install command safety

pass

standard package or runtime install path

npx skills add rs/curlie

Trust score

warn

Good trust signals with a few areas worth checking before rollout.

Strong shortlist
3.7K GitHub stars
MIT

Audit score

warn

Needs review

Permission surface may require sandboxing

Agent safety gate

warn

Sparse or mixed signals. Useful for discovery, but not for autonomous installation.

Test manually in an isolated workspace and compare against safer alternatives.
High-risk permission hints: Shell or command execution

License clarity

pass

MIT

Permission surface

fail

shell or command execution, filesystem or document access

Shell or command execution: high
Network access: medium
Filesystem access: medium

Validation plan

What the agent should do next

1Inspect repository, README/SKILL.md, license, and recent commits before production use.
2Install in an isolated workspace or sandbox with no production secrets available.
3Run the smallest representative task and record files touched, commands run, network access, and outputs.
4Compare the selected skill against at least one alternative when the eval status is review or failed.
5Promote only after the agent reports a successful verification result and unresolved warnings are accepted.

Do not use when

Conditions that require another skill

teams that need a vendor-supported SLA
high-compliance environments without internal security review
No major risk signals from current metadata
High-risk permission hints: Shell or command execution
Permission surface may require sandboxing
Permission surface needs review: shell or command execution, filesystem or document access

Supporting checks

Trust signals behind the decision

README/SKILL.md completeness

warn

Public metadata needs stronger README/SKILL.md context

Recent maintenance

warn

7mo since push

Alternatives available

pass

Alternative skills are available for comparison.

Install handoff

Use only after the eval decision and validation plan are accepted.

$ npx skills add rs/curlie

Agent endpoints

Eval JSON Eval text Skill JSON Audit report

Warnings

Trust score: Good trust signals with a few areas worth checking before rollout.
Audit score: Needs review
Agent safety gate: Sparse or mixed signals. Useful for discovery, but not for autonomous installation.
README/SKILL.md completeness: Public metadata needs stronger README/SKILL.md context
Recent maintenance: 7mo since push
High-risk permission hints: Shell or command execution
Permission surface may require sandboxing
Permission surface needs review: shell or command execution, filesystem or document access

Alternatives

Opencode

Trust 93 · Audit 95

Puppeteer

Trust 92 · Audit 94

Codex

Trust 90 · Audit 93

Hoppscotch

Trust 90 · Audit 93