Search everything...

Stats

Actions

Available In

Setup Eval

Name: Setup Eval
Author: redhat-community-ai-tools

By redhat-community-ai-tools

Evaluate AI agent setups for best practices, redundancy, security, and cross-component issues by running shell scripts that initialize the plugin environment.

Bash

automation

npx claudepluginhub redhat-community-ai-tools/harness-eval-lab --plugin setup-eval

Popularity

Stars

Top 25%

Med: 0·Avg: 281

Installs

Med: 0·Avg: 1

What's Inside

Slash Commands4

Eval Skill

/eval-skill

Deep-evaluate a single skill with static analysis and qualitative review, both individually and in context of the full setup. Check if a skill is worth keeping, well-built, or redundant.

Eval Setup Lint

/setup-eval-lint

Run deterministic static analysis on the full agent setup (CLAUDE.md, skills, commands, hooks, agents, MCP configs). 43 rules + system-level analysis. No LLM, fast, CI-suitable.

Eval Setup Review

/setup-eval-review

Full qualitative review of the agent setup. Per-component rubrics, 21 cross-type checks, KEEP/REVIEW/REMOVE verdicts. Use for deep review, redundancy check, or quality assessment.

Eval Setup Security

/setup-eval-security

Deep security audit of the agent setup. Deterministic security rules (prompt injection, credential access, exfiltration, taint tracking, YARA, CVE) plus LLM semantic review.

Skills4

eval-skill

/eval-skill

Deep-evaluate a single skill with static analysis and qualitative issue detection, both individually and in context of the full setup. Use when the user wants to check if a specific skill is worth keeping, well-built, or redundant.

setup-eval-lint

/setup-eval-lint

Run deterministic static analysis on the full agent setup (CLAUDE.md, skills, commands, hooks, agents, MCP configs). 43 rules + system-level analysis (token budget, trigger overlaps, dependencies, context utilization). No LLM. Use when the user wants a fast lint check, CI gate, or structural health report.

setup-eval-review

/setup-eval-review

Full qualitative review of the agent setup. Reads every file, applies per-component rubrics, runs 21 cross-type optimization checks, and produces KEEP/REVIEW/REMOVE verdicts. Use when the user wants a deep review, redundancy check, or quality assessment of their setup.

setup-eval-security

/setup-eval-security

Deep security audit of the agent setup. Runs all deterministic security rules (prompt injection, credential access, data exfiltration, obfuscation, reverse shells, AST behavioral analysis, taint tracking, MCP permission analysis, tool poisoning, YARA signatures, CVE lookups) plus LLM-based semantic security review. Use when the user asks about security, safety, wants to audit their setup, or needs a pre-deployment security check.

Hooks1

Event Hooks

1 hook across 1 event

Stats

Version3.5.2

ReleasedJun 23, 2026

LanguagePython

Stars8

MaintenanceExcellent

LicenseApache-2.0

Last CommitJun 23, 2026

AddedJun 8, 2026

Actions

View on GitHub View README Plugin Marketplace JSON

Own this plugin?

Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).

Available In

harness-eval-lab8

README

setup-eval

Evaluate AI code agent setups for best practices, redundancy, security, and cross-component issues.

Available as a CLI tool, a Claude Code plugin, and Cursor commands.

Supports Claude Code and Cursor projects. Auto-detects which tool(s) a project uses.

What it does

Most tools test whether a skill produces correct output. This tool checks the setup itself: CLAUDE.md, skills, commands, hooks, MCP configs, agents, .cursor/rules/*.mdc, .cursorrules.

Four commands, same engine:

Command	What it does	LLM in CLI	LLM in Claude Code / Cursor
`setup-eval-lint`	43 deterministic rules + system analysis (token budget, trigger overlaps, dependencies). Fast, CI-suitable.	No	No
`setup-eval-review`	Per-component rubric review with 0-3 scoring per dimension, 21 cross-type checks. KEEP/REVIEW/REMOVE verdicts.	Yes (API key)	Yes (in-session)
`setup-eval-security`	All security rules + YARA + CVE lookups + semantic review. SAFE/CAUTION/UNSAFE.	Scan: no. Semantic review: `--review` flag	Yes (in-session)
`eval-skill`	Deep-evaluate one skill individually and in context of the full setup.	Lint: no. Rubric: `--rubric` flag	Yes (in-session)

Install

CLI tool

Install from PyPI and run from the terminal:

pip install setup-eval

setup-eval setup-eval-lint .
setup-eval setup-eval-lint . --watch     # re-run lint automatically on file changes
setup-eval setup-eval-review . --provider gemini
setup-eval setup-eval-security . --review
setup-eval eval-skill ./skills/my-skill --context . --rubric

Requires GEMINI_API_KEY or ANTHROPIC_API_KEY for review/security/skill commands.

setup-eval-security supports optional YARA malware signature scanning. To enable it: pip install setup-eval[yara]

Claude Code plugin

No pip install needed. Install directly from within Claude Code:

/plugin marketplace add redhat-community-ai-tools/harness-eval-lab
/plugin install setup-eval@harness-eval-lab
/reload-plugins

The 4 commands appear in the / menu:

/setup-eval:setup-eval-lint
/setup-eval:setup-eval-review
/setup-eval:setup-eval-security
/setup-eval:eval-skill

No API key needed. Claude evaluates in-session.

Updating: Re-run the install command to get the latest rules.

Cursor commands

Requires the CLI tool installed first (Cursor commands call it for the deterministic scan):

pip install setup-eval

Then copy .cursor/commands/ from this repo into your project. The 4 commands appear in Cursor's command palette:

/setup-eval-lint
/setup-eval-review
/setup-eval-security
/eval-skill

No API key needed for review/security/skill. Cursor evaluates in-session.

Inspection Rules (43)

Category	Rules	What they check
Structural	1	SKILL.md exists
Frontmatter	3	Description required/quality, format valid
Content	4	Duplicate detection (TF-IDF), broken references, circular references, token budget
Security	9	Credential access, prompt injection (17 patterns), data exfiltration, obfuscation, reverse shells, AST analysis, taint tracking, MCP least-privilege, tool poisoning
Security (opt-in)	2	YARA signatures, CVE lookups via OSV.dev
Commands	8	Description, script exists, duplicates, credentials, injection, skill overlap, shadows built-in, references nonexistent skill
CLAUDE.md	3	Exists, skill duplication, generic advice detection
Hooks	1	Structure validation, dangerous patterns, network access
Agents	9	Description, skills exist, tool format, constraint matching, credentials, injection, exfiltration, obfuscation, reverse shells

Four presets: recommended (default), strict, security, pre-workflow.

Contributing

See CONTRIBUTING.md for adding rules and submitting PRs.

Changelog

See CHANGELOG.md for release history.

Future Plans

See future-plans/ for planned improvements (SARIF output, security benchmarks, runner abstraction, dynamic workflows, impact measurement).

Setup Eval

Popularity

What's Inside

Confidence

README

setup-eval

What it does

Install

CLI tool

Claude Code plugin

Cursor commands

Inspection Rules (43)

Contributing

Changelog

Future Plans

Similar Plugins

ecc

everything-claude-code

cc-polymath

More by redhat-community-ai-tools

slack-mcp

openshift-ops

skipper

setup-eval

What it does

Install

CLI tool

Claude Code plugin

Cursor commands

Inspection Rules (43)

Contributing

Changelog

Future Plans

More by redhat-community-ai-tools

slack-mcp

openshift-ops

skipper

Popularity

Health & Quality

Similar Plugins

ecc

everything-claude-code

cc-polymath