Skip to content

Scoring and Risk Scan

Connor edited this page Jul 3, 2026 · 2 revisions

Scoring and Risk Scan

The curator should make candidate quality and risk visible before installation.

Candidate Requirements

Strict candidates should satisfy:

Requirement Why It Matters
Contains SKILL.md Ensures it is actually an Agent Skill.
Clear task fit Avoids broad, noisy, or irrelevant installs.
License or reuse clarity Reduces legal and reuse ambiguity.
Reasonable maintenance Helps avoid stale workflows.
Examples or documentation Improves confidence and usability.
No high-risk scan findings Reduces prompt and supply-chain risk.

Scoring Signals

Use references/scoring.md for detailed scoring rules. Common signals include:

  • task relevance;
  • skill structure;
  • trigger description specificity;
  • stars, forks, releases, and recency;
  • documentation quality;
  • examples and tests;
  • license clarity;
  • curation provenance;
  • safety scan results.

Risk Scan Checklist

Reject or heavily warn on candidates that:

  • ask the agent to ignore system, developer, or user instructions;
  • try to exfiltrate secrets, tokens, .env, SSH keys, browser profiles, or private files;
  • run destructive shell commands without clear user intent;
  • use opaque install scripts such as curl ... | sh;
  • require broad permissions unrelated to the task;
  • hide behavior in minified, encoded, or obfuscated scripts;
  • use overbroad descriptions such as "use for all tasks" or "always run".

Wording Standard

A safety scan is heuristic. Prefer:

Looks acceptable based on scanned files.

Avoid:

This is safe.

中文说明

评分和风险扫描的目标是让安装决策可见,而不是替用户自动安装。

候选 skill 至少应该满足:

要求 原因
包含 SKILL.md 确认它真的是 Agent Skill。
任务匹配清晰 避免泛化、噪音或无关安装。
License 清楚 减少复用和分发风险。
有维护或稳定证据 避免过期 workflow。
有示例或文档 提高可用性。
没有高风险扫描结果 降低 prompt 和 supply-chain 风险。

风险扫描是启发式的。推荐说“基于已扫描文件看起来可接受”,不要说“绝对安全”。

Clone this wiki locally