Promptfoo

v0.1.0

Work with Promptfoo for local, repeatable LLM evals and red-team testing. Use when a request explicitly involves Promptfoo, `promptfooconfig.yaml`, Promptfoo...

⭐ 0· 0·0 current·0 all-time

bySouth American Cowboy@south-american-cowboy

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

Capability signals

CryptoCan make purchases

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description, SKILL.md content, reference docs, and helper scripts all align with building, validating, and scaffolding Promptfoo configs and running Promptfoo workflows. There are no unrelated environment variables, binaries, or install steps requested.

ℹ

Instruction Scope

Runtime instructions and helper scripts operate on the repository workspace (looking for promptfooconfig.yaml, .env, docs/, agents/, tools/, and top-level .txt prompts) and instruct creating or validating Promptfoo configs. This is appropriate for the stated purpose, but the skill expects to read workspace files and suggests generating configs—review any generated config and existing files before running evals. The scripts do not transmit data externally themselves, but running Promptfoo/evals may contact external providers.

✓

Install Mechanism

Instruction-only skill with no install spec and no bundled third-party downloads or extracted archives. Helper scripts are small, local Python utilities that only read/write workspace files.

✓

Credentials

The skill declares no required environment variables or credentials. The SKILL.md references providers (e.g., openai) conceptually, which legitimately require provider keys when you run Promptfoo; the skill itself does not request or exfiltrate credentials.

✓

Persistence & Privilege

No always:true. The skill is user-invocable and can be invoked autonomously (platform default) but does not request elevated or persistent privileges or modify other skills. Helper scripts create or overwrite promptfooconfig.yaml only with explicit options/commands.

Assessment

This skill appears to do what it says: help you scaffold, validate, and run Promptfoo configs. Before using it: (1) review any scaffolded promptfooconfig.yaml the script writes (especially if you pass --force) so you don’t accidentally commit secrets or point tests at sensitive APIs; (2) be aware that running promptfoo eval/validate (not included here) will contact model providers and require provider credentials you control—do not store API keys in repo files or generated prompt files; (3) confirm you install the actual Promptfoo CLI from its official source before running commands; and (4) if you plan red-team or live-API tests, avoid targeting internal or production endpoints without appropriate authorization. Overall the package is internally consistent and low-risk, but normal operational caution around provider keys and target endpoints still applies.

Like a lobster shell, security has layers — review code before you run it.

latestvk97egd6svtddqjd3as2wv8j3jh84a4h0

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Promptfoo

License

Comments