0xsero/evidence-heavy-evaluator
skills/evidence-heavy-evaluator/SKILL.md
Generate an evidence-first, read-only repository evaluation report with deterministic scoring and actionable recommendations. Use when the user asks to assess readiness, maintainability, release-readiness, documentation gaps, or engineering health and wants auditable artifacts (`json` + `markdown` + raw command logs).
$ install --global
skillsauthnpx skillsauth add 0xsero/vllm-studio evidence-heavy-evaluatorInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Error
VirusTotalMulti-engine malware detection
70%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 24, 2026, 2:49 PM44.7s5 files scanned
SKILL.md
- name:
- evidence-heavy-evaluator
- description:
- Generate an evidence-first, read-only repository evaluation report with deterministic scoring and actionable recommendations. Use when the user asks to assess readiness, maintainability, release-readiness, documentation gaps, or engineering health and wants auditable artifacts (`json` + `markdown` + raw command logs).
Evidence Heavy Evaluator
Run a deterministic repo evaluation and emit auditable artifacts in test-output.
Workflow
- Choose inputs:
target_dir: repo or subdirectory to evaluate.profile:readiness,maintainability, orrelease-readiness.depth:quickordeep.execute_checks: include to run lint/test/typecheck/build evidence.
- Collect evidence:
skills/evidence-heavy-evaluator/scripts/collect_evidence.sh \
--target-dir <target_dir> \
--profile <profile> \
--depth <depth> \
[--execute-checks]
- Read outputs from
<target_dir>/test-output/evidence-heavy-evaluator/:
readiness-scorecard.jsonreadiness-report.mdchecks-summary.tsvmetrics.tsvsignals.tsv
- Summarize results for the user:
- Lead with highest-impact failed criteria.
- Cite the exact artifact paths used as evidence.
- Separate failed checks from skipped/not-evaluated checks.
Guardrails
- Keep evaluation read-only: do not edit code as part of this skill.
- Treat command failures as evidence, not blockers.
- Preserve deterministic ordering in report summaries.
- If
--execute-checksis omitted, call out that quality execution criteria are not evaluated.
Criteria
Use references/criteria-matrix.md as the source of truth for scoring criteria and profile weights.
Notes
- The collector automatically runs
render_report.pyafter evidence collection. uvis required becauserender_report.pyis executed withuv run.
Related Skills
0xsero/visual-explainer
development
VerifiedTrustedCommunity
Generate beautiful, self-contained HTML pages that visually explain systems, code changes, plans, and data. Use when the user asks for a diagram, architecture overview, diff review, plan review, project recap, comparison table, or any visual explanation of technical concepts. Also use proactively when you are about to render a complex ASCII table (4+ rows or 3+ columns) — present it as a styled HTML page instead.
350SKILL.mdUpdated Mar 24, 2026
steipete/skill-creator
testing
VerifiedTrustedCommunity
Create, edit, improve, or audit AgentSkills. Use when creating a new skill from scratch or when asked to improve, review, audit, tidy up, or clean up an existing skill or SKILL.md file. Also use when editing or restructuring a skill directory (moving files to references/ or scripts/, removing stale content, validating against the AgentSkills spec). Triggers on phrases like "create a skill", "author a skill", "tidy up a skill", "improve this skill", "review the skill", "clean up the skill", "audit the skill".
356,423SKILL.mdUpdated Apr 13, 2026
steipete/healthcheck
testing
VerifiedTrustedCommunity
Host security hardening and risk-tolerance configuration for OpenClaw deployments. Use when a user asks for security audits, firewall/SSH/update hardening, risk posture, exposure review, OpenClaw cron scheduling for periodic checks, or version status checks on a machine running OpenClaw (laptop, workstation, Pi, VPS).
356,423SKILL.mdUpdated Apr 13, 2026
openclaw/skill-creator
testing
VerifiedTrustedCommunity
Create, edit, improve, or audit AgentSkills. Use when creating a new skill from scratch or when asked to improve, review, audit, tidy up, or clean up an existing skill or SKILL.md file. Also use when editing or restructuring a skill directory (moving files to references/ or scripts/, removing stale content, validating against the AgentSkills spec). Triggers on phrases like "create a skill", "author a skill", "tidy up a skill", "improve this skill", "review the skill", "clean up the skill", "audit the skill".
353,662SKILL.mdUpdated Apr 10, 2026