🔎 Evidence browser

Browse the trust index

Search by skill, publisher, category, or trust summary — then use the runtime filters to find cards with live test evidence. The two main lanes are baseline safety checks first and deeper follow-on functionality checks after that.


🧾 Evidence level: source-scanned means local source evidence; catalog-only means thinner metadata-first coverage.

🧪 Runtime status: cards can show only the baseline safety lane or the deeper follow-on functionality lane, depending on how far the skill got. Some cards now also surface how the skill behaved when clearly fake credentials were present.

📏 Depth cue: tells you whether the evidence stops at baseline checks, includes follow-on functionality checks, or includes richer fixture/example proof.

⏱ Freshness cue: tells you whether the latest runtime evidence is from the last 24 hours, the last 7 days, or is older and therefore less current.

🩺 Failure confidence: distinguishes a first seen failure from a repeated failure or a regression after an earlier pass, so not every red row means the same thing.

🧪 Fake-auth behavior: when available, this tells you whether a skill handled clearly fake credentials cleanly, needed real access to continue, or behaved badly around credential-like input.

Results

Showing 7 of 7 skills in the browsable catalog view · runtime: passed · auth behavior: handled-fake-creds · category: cli-utilities · sort: score
This snapshot is for the current page of results, not the whole filtered universe.
Browse hint: slices with zero failures plus some source-scanned or reviewed entries deserve more attention first; fresh runtime evidence helps too, because old clean receipts can still hide current drift.

agent-commerce-engine

nowloady · vsource-scanned
55
overall

A production-ready universal engine for Agentic Commerce. This tool enables autonomous agents to interact with any compatible headless e-commerce backend through a standardized protocol. It provides out-of-the-box support for discovery, cart operations, and secure user management.

High Risk · follow-on functionality checks failed · 6/8 · confidence: source evidence
source-scanned · suspicious
Runtime receipts + what failed · 2026-03-16 15:00 UTC
functionality-v2 · evidence depth: follow-on functionality checks · tested recently: within 24 hours · first failed run seen for this lane · fake-auth behavior: concerning · passed, runtime failed, fell over when given fake credentials · output 99 B · artifacts 0 · worker oc-sandbox · source stage: cache hit · suite 3192 ms · baseline-v3 8/8
🕵️ expected proof signal was missing · 🚫 skill exited with an error · 💥 behaved badly with fake credentials
fake-auth behavior: concerning · Fake credentials triggered bad behavior or sloppy handling.
RatioDaemon muttered: agent-commerce-engine made it to runtime and then fell apart on contact. 6/8 functionality-v2 checks passed before the stumble. The python help is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Review first — functionality-v2 already found trouble.

messageguard

andrewandrewsen · vsource-scanned
53
overall

**Purpose**: MessageGuard filters outgoing text to prevent secret leaks and sensitive data exposure by using pattern-based detection and configurable actions (mask, block, or warn).

High Risk · follow-on functionality checks passed · 8/8 · confidence: source evidence
source-scanned · suspicious
Runtime receipts + what passed · 2026-03-16 16:45 UTC
functionality-v2 · evidence depth: follow-on functionality checks · tested recently: within 24 hours · fake-auth behavior: handled cleanly · passed, handled fake credentials cleanly · output 143 B · artifacts 0 · worker oc-sandbox · source stage: cache hit · suite 2962 ms · baseline-v3 8/8
fake-auth behavior: handled cleanly · Clearly fake credentials were exercised and handled normally.
RatioDaemon on this skill: Messageguard is trying to handle messageguard. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

aetup-automatik

alltomatos · vsource-scanned
45
overall

Facilitate the installation and management of VPS solutions using the Setup Automatik engine (powered by Orion Design). Use when the user wants to install, configure, or manage tools like Traefik, Portainer, Chatwoot, N8N, and other open-source applications on a Linux VPS.

High Risk · follow-on functionality checks passed · 7/7 · confidence: source evidence
source-scanned · suspicious
Runtime receipts + what passed · 2026-03-17 00:00 UTC
functionality-v2 · evidence depth: follow-on functionality checks · tested recently: within 24 hours · passed · output 117 B · artifacts 0 · worker oc-sandbox · source stage: cache hit · suite 2353 ms · baseline-v3 8/8
RatioDaemon on this skill: Aetup Automatik is built for aetup automatik. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

setup-automatik

alltomatos · vsource-scanned
45
overall

Facilitate the installation and management of VPS solutions using the Setup Automatik engine (powered by Orion Design). Use when the user wants to install, configure, or manage tools like Traefik, Portainer, Chatwoot, N8N, and other open-source applications on a Linux VPS.

High Risk · follow-on functionality checks passed · 7/7 · confidence: source evidence
source-scanned · suspicious
Runtime receipts + what passed · 2026-03-16 21:15 UTC
functionality-v2 · evidence depth: follow-on functionality checks · tested recently: within 24 hours · passed · output 117 B · artifacts 0 · worker oc-sandbox · source stage: cache hit · suite 2361 ms · baseline-v3 8/8
RatioDaemon on this skill: Setup Automatik looks aimed at setup automatik. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

audit-code

itsnishi · vsource-scanned
43
overall

Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities

High Risk · follow-on functionality checks passed · 6/6 · confidence: source evidence
source-scanned · suspicious
Runtime receipts + what passed · 2026-03-16 04:00 UTC
functionality-v2 · evidence depth: follow-on functionality checks · tested recently: within 7 days · passed · output 99 B · artifacts 0 · worker oc-sandbox · source stage: cache hit · suite 2061 ms · baseline-v3 8/8
RatioDaemon muttered: audit-code behaved itself under runtime pressure. 6/6 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: eval(, password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

restic-home-backup

moep90 · vsource-scanned
43
overall

Design, implement, and operate encrypted restic backups for Linux home directories with systemd automation, retention policies, and restore validation. Use when a user asks to back up ~/, set up daily/weekly/monthly backup jobs, harden backup security, or troubleshoot restore/integrity issues.

High Risk · follow-on functionality checks passed · 6/6 · confidence: source evidence
source-scanned · suspicious
Runtime receipts + what passed · 2026-03-16 04:15 UTC
functionality-v2 · evidence depth: follow-on functionality checks · tested recently: within 7 days · passed · output 98 B · artifacts 0 · worker oc-sandbox · source stage: cache hit · suite 1923 ms · baseline-v3 8/8
RatioDaemon on this skill: Restic Home Backup is built for restic home backup. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

restic-home-backup-safe

moep90 · vsource-scanned
43
overall

Design, implement, and operate encrypted restic backups for Linux home directories with systemd automation, retention policies, and restore validation. Use when a user asks to back up ~/, set up daily/weekly/monthly backup jobs, harden backup security, or troubleshoot restore/integrity issues.

High Risk · follow-on functionality checks passed · 6/6 · confidence: source evidence
source-scanned · suspicious
Runtime receipts + what passed · 2026-03-16 07:00 UTC
functionality-v2 · evidence depth: follow-on functionality checks · tested recently: within 24 hours · passed · output 98 B · artifacts 0 · worker oc-sandbox · source stage: cache hit · suite 2020 ms · baseline-v3 8/8
RatioDaemon on this skill: Restic Home Backup Safe is built for cli utilities automation. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.