Service card
GitHub API
github.com · Free
APIMCPoauthfree
Verified outcome telemetry
Probe + outcome evidence. Blank fields are honest gaps, not zeros.
Evidence for GitHub API| Attestation | Seed (curated, not yet probed) |
|---|
| p50 latency | Not yet probed |
|---|
| p95 latency | Not yet probed |
|---|
| Success rate | Not yet probed |
|---|
| Schema conformance | Not yet probed |
|---|
| Idempotency | unknown |
|---|
| Replay safety | unknown |
|---|
| Last probe | Not yet probed |
|---|
Policy flags
external_networkstores_datacode_execution
Operator review checklist
Derived from service-card facts. These prompts guide review; they do not create benchmark evidence.
Source and route-surface drift
Use when endpoint surfaces, marketplace snapshots, or seller-controlled catalogs may change route decisions.
Endpoint URL is route-decision material.MCP availability can change independently from provider count.
Source and route-surface drift field prompts| source_name | Tie vendor claims to the feed or directory that made them. |
|---|
| source_service_count | Capture catalog size at review time. |
|---|
| source_endpoint_count | Detect callable-surface changes without a service-count change. |
|---|
| stackbroker_first_seen | Separate Stackbroker observation from vendor labels. |
|---|
| last_verified_route_surface | Mark the last date the callable surface was checked. |
|---|
| source_churn_summary | Summarize added, removed, or materially changed endpoints. |
|---|
| seller_controlled_ranking_risk | Flag when discovery, ranking, payment, and proof claims share an owner. |
|---|
- What changed since the prior snapshot: endpoints, pricing, auth, payment rail, receipt path, or policy terms?
- Can a buyer reconstruct which endpoint set was available when the route decision was made?
- Would a stale marketplace snapshot change the route decision or policy outcome?
Runtime payment skills
Use when an MCP tool, connector, wallet, or gateway can initiate or authorize spend for an agent.
MCP surface has a paid or credentialed rail.OAuth or connector custody needs revocation and approval review.
Runtime payment skills field prompts| runtime_skill_spend_surface | Distinguish payment-capable skills from ordinary service providers. |
|---|
| wallet_or_key_custody_model | Identify whether credentials are local, hosted, delegated, or user-held. |
|---|
| policy_controls | List budgets, allowlists, approval gates, rate limits, and per-task caps. |
|---|
| approval_surface | State whether spend is automatic, user-confirmed, admin-approved, or externally authorized. |
|---|
| revocation_freshness | Capture how quickly revoked permission takes effect. |
|---|
| receipt_surface | Describe transaction history, receipt URLs, signed receipts, webhooks, or audit tools. |
|---|
| payment_metadata_exposure | Flag prompt, PII, task context, or policy leakage into payment metadata. |
|---|
| security_review_required | Gate install/use until dependency, key-handling, and bypass risks are reviewed. |
|---|
- Can the skill spend without an explicit confirmation after setup?
- Which recipients, assets, networks, and facilitators are allowed by default?
- What proof does the agent receive after payment, and is it portable outside the skill?