Agent skill
scorecard
Automated security tool for assessing open-source project risks and best practices adherence. Core Scenario: When the user needs to evaluate the security health of a GitHub repository or package.
Install this agent skill to your Project
npx add-skill https://github.com/x-cmd/skill/tree/main/data/x-cmd/scorecard
SKILL.md
scorecard - OpenSSF Security Scorecard
The scorecard module evaluates open-source projects based on security best practices, providing a score and detailed report on potential risks like binary artifacts, unreviewed code, or dangerous workflows.
When to Activate
- When the user wants to assess the security level of an open-source repository.
- When performing due diligence on a new dependency (npm, PyPI, etc.).
- When auditing a local repository for security improvements.
Core Principles & Rules
- Best Practices: Focuses on identifying risks like lack of CI tests, missing branch protection, or unpinned dependencies.
- Detailed Reporting: Use --show-details to understand why specific checks passed or failed.
Patterns & Examples
Repository Audit
# Display the security scorecard for a GitHub repository
x scorecard info github.com/ossf/scorecard
Open Web Report
# Open the full OpenSSF scorecard report in a browser
x scorecard open github.com/owner/repo
Checklist
- Confirm the target repository URL or package name.
- Verify if the user needs a summary or a detailed check breakdown.