Score breakdown
Popularity is tracked separately. Support, ads, sponsorships, and tips never affect these signals.
Why it matters
Useful for security and platform teams that are already experimenting with sandboxed agents and want a stronger answer to evidence, provenance, and post-run review than ordinary logs can provide.
Who should use it
Who should skip it
Skip ByteYellow/AgentProvenance if the source link, documentation, or setup requirements do not align with your current workflow or stack.
About this signal
ByteYellow/AgentProvenance is tracked by RepoRadar as a developer tool in the Security / Governance section. It was first seen on 2026-07-01 and last updated on 2026-07-01. The current verdict is 'worth watch' with a Silver tier and advanced setup difficulty. ByteYellow/AgentProvenance leads on open-source/build quality (8.4) and workflow potential (8.1); its lowest signal is setup ease (4.2), so factor that in before investing setup time. This page summarizes the evidence RepoRadar has captured from captured source metadata. The score, tier, risk label, and verdict on this page are never influenced by sponsorship, ads, or tips — they reflect only the usefulness, popularity, novelty, momentum, maturity, and evidence signals described in the RepoRadar methodology.
How this item is evaluated
RepoRadar assigned ByteYellow/AgentProvenance a composite score of 7.7 out of 10, placing it in the Silver tier. This score combines weighted sub-signals: usefulness (35%), novelty (18%), momentum (14%), maturity (10%), open-source/build quality (7%), evidence quality (6%), workflow potential (6%), and setup ease (4%). Popularity is tracked separately at 1.0 and never affects the composite score or tier. The risk label of 'conditional' reflects inherent user-impacting hazards, not generic novelty. Items with no risk flag may still require normal code review before production use.
Putting this into practice? Read How to vet an AI agent or MCP server before you wire it in for the checklist behind this score.
Risk explanation
It is designed to capture runtime evidence, file diffs, and telemetry around agent executions, so first evaluation should stay away from sensitive production workloads; Its strongest value depends on a broader sandbox and telemetry stack, so verify the integration fit before you commit to it as your provenance layer.
