Compose For Agents
Repository: compose-for-agents
Author: docker · Source status: Clear source
Score 82Clear source
Build and run AI agents using Docker Compose.
Score basis:Clear source · Low risk signals · Universal
Repository: aws-iot-device-sdk-embedded-C
Author: aws·Source status: Clear source
SDK for connecting to AWS IoT from a device using embedded C.
Score basis:Clear source · Low risk signals · Universal
Trust level
72 · Review first
Usable, but inspect source, install method, and risk hints before adoption.
Risk decision
No explicit risk signals
No explicit risk signal is available.
Install readiness
script-backed · copy-only command
SkillTrust only shows install guidance and copy actions; it never executes installs.
Before you install
Review source, permissions, and execution risk first, then alternatives. Scores prioritize review; they do not replace manual judgment.
Review weakest dimensions and next actions before copying commands.
Evidence or risk signals are incomplete; compare alternatives first.
Audit grade
C · Review first
Execution risk
High
Evidence confidence
65%
SAS-v2.1 radar
SAS-v2.1
Audit grade
C · Review first
Execution risk
High
Top threats
unexpected code execution, data exfiltration
Control gaps
missing license, broad permissions
Evidence confidence
65%
Repository
aws/aws-iot-device-sdk-embedded-C
Author
aws
Community signal
1K stars · 640 forks
Last updated
2026-03-26
Primary source
aws/aws-iot-device-sdk-embedded-C
Source status
Clear source
Install method
script-backed
Command & code execution
34Focus: Whether it runs commands or scripts
Next action: Manually confirm command-running skills in an isolated directory.
High-risk action confirmation
38Focus: Whether destructive or external actions require confirmation
Next action: Avoid directly installing high-risk skills without confirmation controls.
Network & data egress
43Focus: Whether it may send data out
Next action: If unsure, restrict network access or allow only known domains.
Supported tools can change install steps; Universal entries need source review.
Explicitly supported
git clone https://github.com/aws/aws-iot-device-sdk-embedded-C.gitNo explicit risk signals recorded
Review source and permissions before copying install commands.
Evidence or risk signals are incomplete; compare alternatives first.
Focus: Who published it and whether it is traceable
Next action: Review repository, author, and README first; do not install directly when source is pending.
Focus: Whether install steps can be reviewed
Next action: Prefer candidates with install docs and repository evidence.
Focus: Whether tool descriptions may hide instructions
Next action: Read README, rules, and tool descriptions before install.
Focus: What it can access
Next action: Grant only task-required permissions and prefer Ask/manual confirmation.
Focus: Whether it runs commands or scripts
Next action: Manually confirm command-running skills in an isolated directory.
Focus: Whether file reads/writes can escape scope
Next action: Check working directory and file access scope before running.
Focus: Whether it may send data out
Next action: If unsure, restrict network access or allow only known domains.
Focus: Whether it handles tokens, private keys, or agent identity
Next action: Do not provide long-lived tokens or private keys to source-pending skills.
Focus: Whether external content can steer behavior
Next action: For browser/RAG/rules skills, review permissions and confirmation controls first.
Focus: Whether memory or retrieved context can be poisoned
Next action: Try RAG/memory skills in a low-privilege environment first.
Focus: Whether external tools and MCP access are clearly bounded
Next action: Confirm which external tools it will connect to before install, and start with the smallest possible set.
Focus: Whether destructive or external actions require confirmation
Next action: Avoid directly installing high-risk skills without confirmation controls.
Focus: How far impact can spread when something goes wrong
Next action: If unsure, test in an isolated project first.
Focus: Whether actions can be traced
Next action: Prefer candidates with logs or previews.
Focus: Whether it is maintained and reusable
Next action: Check license and maintenance before organizational use.
Usable, but inspect source, install method, and risk hints before adoption.
Phase 1 only shows installation-aware, source-backed signals. SkillTrust does not execute install scripts for users.
Risk factors
No explicit risk signals.
Permission hints
repository clone, local runtime dependencies
Why related: Same task category, Keyword overlap...
Why related: Same task category, Keyword overlap, Similar install method
Repository: agentic-ai-engineering
Author: agenticloops-ai · Source status: Clear source
Hands-on tutorials for building AI agents from scratch.
Score basis:Clear source · Low risk signals · Universal
Why related: Same task category, Keyword overlap...
Why related: Same task category, Keyword overlap, Similar install method
Repository: inkbox
Author: inkbox-ai · Source status: Clear source
SDK, skills, and examples for Inkbox: give your AI agents identities, inboxes, phone numbers, and encrypted vaults.
Score basis:Clear source · Low risk signals · Universal
Why related: Same task category, Keyword overlap...
Why related: Same task category, Keyword overlap, Similar install method
Repository: ArcGIS-JavaScript-AI-Component
Author: ralouta · Source status: Clear source
A production-style demo showcasing how to combine ArcGIS Maps SDK, ArcGIS Assistant agents, and a custom LangGraph agent for natural language map interaction and automated feature layer creation in ArcGIS Online or Enter
Score basis:Clear source · Risk needs review · Universal
Why related: Same task category, Keyword overlap...
Why related: Same task category, Keyword overlap, Similar install method
Repository: bedrock-agentcore-sdk-python
Author: aws · Source status: Clear source
Python SDK for transforming any AI agent into a production-ready application.
Score basis:Clear source · Risk needs review · Universal
Why related: Keyword overlap, Same repository ecosystem...
Why related: Keyword overlap, Same repository ecosystem, Same author
Repository: aws-secretsmanager-agent
Author: aws · Source status: Clear source
The AWS Secrets Manager Agent is a local HTTP service that you can install and use in your compute environments to read secrets from Secrets Manager and cache them in memory.
Score basis:Clear source · Risk needs review · Universal
Why related: Keyword overlap, Same repository ecosystem...
Why related: Keyword overlap, Same repository ecosystem, Same author
Repository: copilot-cli
Author: aws · Source status: Clear source
AWS Copilot CLI will reach end-of-support on June 12, 2026.
Score basis:Clear source · Risk needs review · Universal
Repository: amazon-ssm-agent
Author: aws · Source status: Clear source
An agent to enable remote management of your EC2 instances, on-premises servers, or virtual machines (VMs).
Score basis:Clear source · Risk needs review · Universal
Repository: nova-act
Author: aws · Source status: Clear source
Amazon Nova Act is an AWS service for building and deploying highly reliable AI agents that automate UI-based workflows at scale.
Score basis:Clear source · Risk needs review · Universal
Repository: aws-mwaa-local-runner
Author: aws · Source status: Clear source
This repository provides a command line interface (CLI) utility that replicates an Amazon Managed Workflows for Apache Airflow (MWAA) environment locally.
Score basis:Clear source · Risk needs review · Universal