{"id":"a964cbaf-98d8-4d43-b3b4-65b7c6d3391f","shortId":"V2bKAw","kind":"skill","title":"Score open source repositories for supply-chain risk signals before adoption or release decisions with Scorecard","tagline":"Check a repository against OpenSSF security heuristics before you trust it as a dependency, approve it for use, or ship from it.","description":"# Score open source repositories for supply-chain risk signals before adoption or release decisions with Scorecard\n\nCheck a repository against OpenSSF security heuristics before you trust it as a dependency, approve it for use, or ship from it.\n\n## Prerequisites\n\nScorecard CLI or GitHub Action, network access to the target repository host, and optional GitHub authentication for higher API limits.\n\n## Installation\n\nUse the upstream install or setup path that matches your environment:\n- docker pull ghcr.io/ossf/scorecard:latest\n- docker pull ghcr.io/ossf/scorecard:v3.2.1\n- docker run -e GITHUB_AUTH_TOKEN=token ghcr.io/ossf/scorecard:latest --show-details --repo=https://github.com/ossf/scorecard\n- docker run -e GITHUB_AUTH_TOKEN=token ghcr.io/ossf/scorecard:v3.2.1 --show-details --repo=https://github.com/ossf/scorecard\n\nRequirements and caveats from upstream:\n- [Prerequisites](#prerequisites)\n- projects the world depends on.\n- If OSS consumers require certain behaviors from their dependencies,\n\nBasic usage or getting-started notes:\n- [Basic Usage](#basic-usage)\n- Scorecard has been run on thousands of projects to monitor and track security\n- For example:\n\n- Source: https://github.com/ossf/scorecard\n- Extracted from upstream docs: https://raw.githubusercontent.com/ossf/scorecard/HEAD/README.md\n\n## Documentation\n\n- https://scorecard.dev\n\n## Source\n\n- [Agent Skill 
Exchange](https://agentskillexchange.com/skills/score-open-source-repositories-for-supply-chain-risk-signals-before-adoption-or-release-decisions-with-scorecard/)","tags":["score","open","source","repositories","for","supply","chain","risk","signals","before","adoption","release"],"capabilities":["skill","source-agentskillexchange","skill-score-open-source-repositories-for-supply-chain-risk-signals-before-adoption-or-release-decisions-with-scorecard","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/score-open-source-repositories-for-supply-chain-risk-signals-before-adoption-or-release-decisions-with-scorecard","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,543 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:12:19.709Z","embedding":null,"createdAt":"2026-05-18T13:19:11.159Z","updatedAt":"2026-05-18T19:12:19.709Z","lastSeenAt":"2026-05-18T19:12:19.709Z",
"prices":[{"id":"3f2637ae-7be6-4c49-9183-8f775ed6c7ac","listingId":"a964cbaf-98d8-4d43-b3b4-65b7c6d3391f","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:19:11.159Z"}],"sources":[{"listingId":"a964cbaf-98d8-4d43-b3b4-65b7c6d3391f","source":"github","sourceId":"agentskillexchange/skills/score-open-source-repositories-for-supply-chain-risk-signals-before-adoption-or-release-decisions-with-scorecard","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/score-open-source-repositories-for-supply-chain-risk-signals-before-adoption-or-release-decisions-with-scorecard","isPrimary":false,"firstSeenAt":"2026-05-18T13:19:11.159Z","lastSeenAt":"2026-05-18T19:12:19.709Z"}],"details":{"listingId":"a964cbaf-98d8-4d43-b3b4-65b7c6d3391f","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"score-open-source-repositories-for-supply-chain-risk-signals-before-adoption-or-release-decisions-with-scorecard","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and
more.","skill_md_sha":"cfbcb1cb11650b5975171a6eeaecaba2e97c3b0a","skill_md_path":"skills/score-open-source-repositories-for-supply-chain-risk-signals-before-adoption-or-release-decisions-with-scorecard/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/score-open-source-repositories-for-supply-chain-risk-signals-before-adoption-or-release-decisions-with-scorecard"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Score open source repositories for supply-chain risk signals before adoption or release decisions with Scorecard","description":"Check a repository against OpenSSF security heuristics before you trust it as a dependency, approve it for use, or ship from it."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/score-open-source-repositories-for-supply-chain-risk-signals-before-adoption-or-release-decisions-with-scorecard"},"updatedAt":"2026-05-18T19:12:19.709Z"}}