Compare skills
Pick 2–4 skills and compare what really matters: fit, risk, install effort, and community signal.
Comparison matrix
Highlights show current best; tooltip explains diff/best rules.
SAS-v2.1 diff rules / risk tag notes
Start with the matrix. Open this section when you need to understand audit grades, top threats, control gaps, and best-value highlights.
Suggested baseline
Search to add skills, or paste 2–4 comma-separated slugs.
How differences are detected
A row is marked different when selected skills have distinct values. Only-differences mode hides rows that are identical.
How best values are highlighted
Audit score, evidence confidence, trust score, and community signal prefer higher values; execution risk and install friction prefer lower values.
How to read risk tags
Risk tags come from SAS-v2.1 public-evidence signals and point to command, network, secret, context, or supply-chain items to review before install.
Selected audit signals
cymbal-air-toolbox-demo
Execution risk:High
Threat tags:unexpected code execution, data exfiltration, memory context poisoning
Control gaps:missing license, broad permissions, shell without guardrails
LookupMark Local RAG
Execution risk:High
Threat tags:unexpected code execution, identity privilege abuse, data exfiltration
Control gaps:missing license, broad permissions, shell without guardrails
agent-starter-pack
Execution risk:High
Threat tags:unexpected code execution, data exfiltration, human approval gap
Control gaps:missing license, broad permissions, shell without guardrails
| Dimension | cymbal-air-toolbox-demo | LookupMark Local RAG | agent-starter-pack |
|---|---|---|---|
| SAS-v2.1 pre-install audit | |||
Audit grade | C · Review first | D · Limited evidence | C · Review first |
Execution risk | High | High | High |
Threat tags | unexpected code execution, data exfiltration, memory context poisoning | unexpected code execution, identity privilege abuse, data exfiltration | unexpected code execution, data exfiltration, human approval gap |
Control gaps | missing license, broad permissions, shell without guardrails | missing license, broad permissions, shell without guardrails | missing license, broad permissions, shell without guardrails |
Permission summary | Permission review, Network, Command | Permission review, Network, Secrets, Command | Permission review, Network, Command |
Evidence confidence | 67% | 69% | 65% |
| Source & provenance | |||
Provenance | GoogleCloudPlatform/cymbal-air-toolbox-demo | openclaw/skills | GoogleCloudPlatform/agent-starter-pack |
Category | Knowledge & RAG | Knowledge & RAG | Agent & Tools |
Freshness | |||
| Risk & trust | |||
Trust score | 82 | 81 | 92 |
Audit signals | No explicit signals | needs credentials, network access, runs shell, writes files | metadata-only |
| Install & compatibility | |||
Supported tools | Universal | OpenClaw | Universal |
Install method | script-backed | script-backed | script-backed |
Install friction | |||
| Community | |||
Stars | 321 | 0 | 6.2K |
Repository: rag_demos
Author: dappros · Source status: Clear source
Examples of RAG (Retrieval-Augmented Generation) with Ethora, LangChain, and OpenAI.
Score basis:Clear source · Low risk signals · Universal
Repository: openclaw/skills
Author: cinience · Source status: Clear source
Use when working with OpenSearch vector search edition via the Python SDK (ha3engine) to push documents and run HA/SQL searches.
Score basis:Clear source · High risk signals · Claude
Repository: AI-QA-Retrieval-Assistant-API
Author: mvsaran · Source status: Clear source
A complete, end-to-end **Retrieval-Augmented Generation (RAG)** API server built with **Python**, **FastAPI**, **LangChain**, and **ChromaDB**.
Score basis:Clear source · Low risk signals · Universal
Repository: vertex-ai-samples
Author: GoogleCloudPlatform · Source status: Clear source
Notebooks, code samples, sample apps, and other resources that demonstrate how to use, develop and manage machine learning and generative AI workflows using Google Cloud Vertex AI.
Score basis:Clear source · Risk needs review · Universal
2026-04-08 |
2026-04-04 |
2026-04-14 |
Permission hints |
|---|
repository clone, local runtime dependencies |
verify source provenance before install |
repository clone |
40 |
65 |
75 |
