🔎 Evidence browser

Browse the trust index

Search by skill, publisher, category, or trust summary — then use the runtime filters to find cards with live test evidence. The two main lanes are baseline safety checks first and deeper follow-on functionality checks after that.

Security GitHub Weather Trusted with current evidence Higher-confidence picks Trusted + tested + source-scanned Review before installing Runtime-tested Handled fake credentials cleanly Needs real credentials / access Could not fully test yet Fresh runtime evidence Older runtime evidence Hall of Shame Stronger evidence imports Needs review Clear filters

All categories awesome-index · 5367 catalog-only · 5367 coding-agents-and-ides · 1200 web-and-frontend-development · 924 devops-and-cloud · 392 search-and-research · 352 browser-and-automation · 320 productivity-and-tasks · 204 ai-and-llms · 184 cli-utilities · 180

✨ Quick picks

Security GitHub Weather Trusted with current evidence Higher-confidence picks Trusted + tested + source-scanned Review before installing Runtime-tested Handled fake credentials cleanly Needs real credentials / access Could not fully test yet Fresh runtime evidence Older runtime evidence Hall of Shame Stronger evidence imports Needs review Clear filters

🏷 Categories · devops-and-cloud

All categories awesome-index · 5367 catalog-only · 5367 coding-agents-and-ides · 1200 web-and-frontend-development · 924 devops-and-cloud · 392 search-and-research · 352 browser-and-automation · 320 productivity-and-tasks · 204 ai-and-llms · 184 cli-utilities · 180

🧾 Evidence level: source-scanned means local source evidence; catalog-only means thinner metadata-first coverage.

🧪 Runtime status: cards can show only the baseline safety lane or the deeper follow-on functionality lane, depending on how far the skill got. Some cards now also surface how the skill behaved when clearly fake credentials were present.

📏 Depth cue: tells you whether the evidence stops at baseline checks, includes follow-on functionality checks, or includes richer fixture/example proof.

⏱ Freshness cue: tells you whether the latest runtime evidence is from the last 24 hours, the last 7 days, or is older and therefore less current.

🩺 Failure confidence: distinguishes a first seen failure from a repeated failure or a regression after an earlier pass, so not every red row means the same thing.

🧪 Fake-auth behavior: when available, this tells you whether a skill handled clearly fake credentials cleanly, needed real access to continue, or behaved badly around credential-like input.

Results

Showing 7 of 7 skills in the browsable catalog view · runtime: tested · auth behavior: handled-fake-creds · category: devops-and-cloud · sort: score

page evidence snapshotruntime-passed: 7 runtime-failed: 0 source-scanned: 7 fresh <24h: 6 manual review: 0

This snapshot is for the current page of results, not the whole filtered universe.

Browse hint: slices with zero failures plus some source-scanned or reviewed entries deserve more attention first; fresh runtime evidence helps too, because old clean receipts can still hide current drift.

nofx

tinkle-community · vsource-scanned

NOFX AI Trading OS integration - crypto market data, AI trading signals, strategy management, trader control, and automated reporting. Use when working with NOFX platform (nofxai.com, nofxos.ai) for crypto trading, market analysis, AI500/AI300 signals, fund flow tracking, OI monitoring, strategy creation, trader management, backtesting, or AI debate arena.

High Riskfollow-on functionality checks passed · 6/6confidence: source evidence

Runtime receipts + what passed2026-03-16 11:00 UTC

functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 98 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1945 msbaseline-v3 8/8

RatioDaemon on this skillNofx is trying to handle nofx. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.

Observed: skill-structure-ok

Take: Potentially suspicious implementation signals detected: sudo .

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

agentguard

manas-io-ai · vsource-scanned

**Version:** 1.0.0

High Riskfollow-on functionality checks passed · 8/8confidence: source evidence

Runtime receipts + what passed2026-03-16 14:00 UTC

functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 1.3 KBartifacts 0worker oc-sandboxsource stage: cache hitsuite 3814 msbaseline-v3 8/8

RatioDaemon on this skillAgentguard sits in the agentguard lane. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.

Observed: skill-structure-ok

Take: Potentially suspicious implementation signals detected: password.

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

slv-grpc-geyser

poppin-fumi · vsource-scanned

Ansible playbooks and Jinja2 templates for deploying and managing Solana gRPC Geyser streaming nodes.

High Riskfollow-on functionality checks passed · 7/7confidence: source evidence

Runtime receipts + what passed2026-03-16 05:00 UTC

functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 916 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2361 msbaseline-v3 8/8

RatioDaemon on this skillSlv Grpc Geyser sits in the slv grpc geyser lane. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.

Observed: skill-structure-ok

Take: Potentially suspicious implementation signals detected: sudo .

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

slv-rpc

poppin-fumi · vsource-scanned

Ansible playbooks and Jinja2 templates for deploying and managing Solana RPC nodes (mainnet, testnet, devnet).

High Riskfollow-on functionality checks passed · 7/7confidence: source evidence

Runtime receipts + what passed2026-03-16 02:15 UTC

functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 1.2 KBartifacts 0worker oc-sandboxsource stage: cache hitsuite 2249 msbaseline-v3 8/8

RatioDaemon on this skillSlv Rpc is built for slv rpc. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.

Observed: skill-structure-ok

Take: Potentially suspicious implementation signals detected: sudo .

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

md2pdf-xelatex

huaruoji · vsource-scanned

Convert Markdown files to PDF with full LaTeX math formula rendering and CJK (Chinese/Japanese/Korean) support. Use when the user asks to convert markdown to PDF, render a report as PDF, export notes to PDF, or generate a printable document from markdown. Handles $...$ inline and $$...$$ display math, code blocks, tables, and mixed CJK/Latin text. Requires pandoc + texlive-xetex.

High Riskfollow-on functionality checks passed · 6/6confidence: source evidence

Runtime receipts + what passed2026-03-17 00:45 UTC

functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 98 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1935 msbaseline-v3 8/8

RatioDaemon on this skillMd2pdf Xelatex sits in the md2pdf xelatex lane. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.

Observed: skill-structure-ok

Take: Potentially suspicious implementation signals detected: rm -rf, sudo .

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

agentkeys

alexandr-belogubov · vsource-scanned

Secure credential proxy for AI agents. Make API calls through AgentKeys — real secrets never leave the vault.

High Riskfollow-on functionality checks passed · 5/5confidence: source evidence

Runtime receipts + what passed2026-03-17 01:45 UTC

functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1732 msbaseline-v3 8/8

RatioDaemon muttered: agentkeys looked ordinary in the good, boring way.5/5 functionality-v2 checks passed. Pleasantly boring.

Observed: skill-structure-ok

Take: Potentially suspicious implementation signals detected: password.

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

setuporion-byimpa

impa365 · vsource-scanned

openclaw:

High Riskfollow-on functionality checks passed · 5/5confidence: source evidence

Runtime receipts + what passed2026-03-16 16:15 UTC

functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1663 msbaseline-v3 8/8

RatioDaemon on this skillSetuporion Byimpa is trying to handle setuporion byimpa. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.

Observed: skill-structure-ok

Take: Potentially suspicious implementation signals detected: sudo , password.

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.