{"id":"yeasy-ask","name":"ask","homepage":null,"repo_url":"https://github.com/yeasy/ask","category":"infrastructure","subcategories":[],"tags":["agent-skills","cli","security-scanning","version-locking","offline-mode","dependency-auditing","web-ui","desktop-app"],"what_it_does":"ASK (Agent Skills Kit) is a Go-based CLI (and optional web/desktop UI) for managing “agent skills” from multiple sources. It installs/uninstalls skills, syncs them across multiple agent products (e.g., Claude, Cursor, Codex, Copilot, Windsurf, Gemini CLI, OpenClaw), supports version locking via an ask.lock file, and provides a security scanning/audit workflow plus offline/private-repo support.","use_cases":["Keeping skill installations synchronized across multiple agent platforms","Reproducible skill installs in CI/CD using a lock file","Auditing third-party skill repositories with automated security rules and SARIF-style output","Managing skill sources (adding repositories and syncing local caches)","Generating agent system prompt materials (e.g., via ask skill prompt)"],"not_for":["A hosted API for programmatic skill management as a service (it appears primarily CLI-driven)","Use cases requiring formal, externally documented REST/GraphQL contracts for third-party integrations","Environments where any downloading/syncing from public sources is disallowed without strong allowlisting"],"best_when":"You want one consistent, version-locked set of third-party agent skills across multiple agent tools, and you value a built-in security scanning/audit step during install/update.","avoid_when":"You need a stable, well-specified public HTTP API for integrations; you only want to manage skills for a single agent ecosystem without cross-tool synchronization needs.","alternatives":["Manual per-agent skill installation (no centralized lockfile/sync)","Claude/Cursor-native skill/rules management (no cross-agent sync)","Other community skill managers or custom scripts per agent platform"],"af_score":40.5,"security_score":38.8,"reliability_score":30.0,"package_type":"skill","discovery_source":["openclaw"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:38:25.165584+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Authentication details for accessing skill sources/endpoints are not specified in the provided README."],"oauth":false,"scopes":false,"notes":"The README does not describe an external authentication mechanism (OAuth/API keys/scopes) for ASK itself. Usage appears to be local (CLI) and pulls from repositories; private repo support likely requires credentials, but details are not provided in the supplied content."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing or paid tiers are described in the provided README; repository/license indicates an open-source tool (MIT), but hosting costs (if any) are not covered."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":40.5,"security_score":38.8,"reliability_score":30.0,"mcp_server_quality":0.0,"documentation_accuracy":65.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":80.0,"rate_limit_clarity":0.0,"tls_enforcement":60.0,"auth_strength":40.0,"scope_granularity":0.0,"dependency_hygiene":45.0,"secret_handling":50.0,"security_notes":"The README claims a built-in security scanner (26+ rules) with SARIF output and mentions offline mode, private repo support, source whitelists, and HTML audit reports. However, the provided content does not specify how TLS is enforced, how credentials/secrets are stored or redacted, what dependency scanning cadence is used, or how scanner findings are prevented from being silently ignored—so scores reflect partial/marketing-level evidence.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":40.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["This tool appears to be CLI-based; agent integrations that expect a stable HTTP API may require custom wrapping.","Skill installs from third-party repositories can carry risk; rely on the documented security scan workflow before deploying to agents."]}}