github.com

berabuddies/Semia

RepoRadar surfaced berabuddies/Semia — an Apache-2.0 security audit for AI — into the berabuddies/Semia is the Apache-2.0 security-aud section, where it sits at Gold tier with a 'try now' verdict. Its strongest signal is workflow potential, scored 9.3 out of 10.

Score: 8.2
Popularity: 549.0
Risk: none
Tier: Gold

Score breakdown

Usefulness: 9.0
Novelty: 8.0
Momentum: 8.0
Maturity: 8.9
Open-source/build: 8.4
Evidence: 8.0
Workflow potential: 9.3
Setup ease: 8.8

Popularity is tracked separately. Support, ads, sponsorships, and tips never affect these signals.

Why it matters

Useful for **anyone installing an Agent Skill from the open ecosystem** — `semia scan ./some-skill` reads the SKILL.md as data (never executes), enumerates every action / effect / secret-read with per-line evidence, and produces a report so the reviewer knows what the skill *can* do before trusting it. Useful for **AI-tool teams maintaining an internal skill library** — Semia produces a library-wi

Who should use it

- **Anyone installing an Agent Skill from the open ecosystem** — `semia scan ./some-skill` reads the SKILL.md as data (never executes), enumerates every action / effect / secret-read with per-line evidence, and produces a report so the reviewer knows what the skill *can* do before trusting it
- **AI-tool teams maintaining an internal skill library** — Semia produces a library-wide capability matrix so a security team can audit 'which skills read secrets, which skills open network connections, which skills can exfiltrate data' across the whole library with one CLI run
- **CI / supply-chain gates** — wire `semia scan` into a CI check that fails the build if a skill introduces an undocumented network call or a secret-read without a justification comment
- **Security researchers studying the Agent Skills ecosystem** — the per-skill evidence report makes it easy to compare capabilities across skills, identify risky patterns, and surface skills that read more than they should
- **Codex / Claude Code / OpenClaw users** — Semia ships native plugins for all three hosts, so the audit runs inside the agent's pre-install flow rather than as a separate terminal command
- **Regulated-industry agent deployments** — finance, healthcare, legal, hiring, education all need a pre-install audit trail; Semia's per-line evidence is the kind of artifact a regulator will accept
- **Skill authors** — running Semia on your own SKILL.md before publishing surfaces unintended capabilities (a `curl | bash` you forgot, a `~/.aws/credentials` read you did not justify) so you can fix them before shipping

Evaluation: `pip install semia-audit`, `semia scan ./some-skill`, the report lands under `.semia/runs/<skill-slug>/`; the README walks through the LLM provider configuration, the plugin install paths (Codex / Claude Code / OpenClaw), and the evidence-grounding format

Who should skip it

Move on from berabuddies/Semia if the licensing terms, language support, or platform requirements do not fit your project.

About this signal

berabuddies/Semia is tracked by RepoRadar as an Apache-2.0 security audit for AI in the berabuddies/Semia is the Apache-2.0 security-aud section. It was first seen on 2026-06-25 and last updated on 2026-06-25. The current verdict is 'try now' with a Gold tier and easy setup difficulty. berabuddies/Semia leads on workflow potential (9.3) and practical usefulness (9.0); its lowest signal is evidence quality (8.0), so factor that in before investing setup time. This page summarizes the evidence RepoRadar has captured from source metadata. The score, tier, risk label, and verdict on this page are never influenced by sponsorship, ads, or tips — they reflect only the usefulness, popularity, novelty, momentum, maturity, and evidence signals described in the RepoRadar methodology.

How this item is evaluated

RepoRadar assigned berabuddies/Semia a composite score of 8.2 out of 10, placing it in the Gold tier. This score combines weighted sub-signals: usefulness (35%), novelty (18%), momentum (14%), maturity (10%), open-source/build quality (7%), evidence quality (6%), workflow potential (6%), and setup ease (4%). Popularity is tracked separately at 549.0 and never affects the composite score or tier. The risk label of 'none' reflects inherent user-impacting hazards, not generic novelty. Items with no risk flag may still require normal code review before production use.

Putting this into practice? Read How to evaluate an AI tool before you adopt it for the checklist behind this score.

Risk explanation

No inherent user-impacting risk is flagged from the captured evidence.

Closest alternatives / related signals

semia, berabuddies, agent-skills, anthropic-agent-skills, agentskills-io, skill-security, skill-audit, skill-supply-chain