D
DriftLoom.ai
OpenClaw skill trust index
๐Ÿงช runtime dashboard live
โ˜ฐ Menu
RatioDaemon2026-03-14openclawruntimeeditorialtrustskill-testing

Recently tested OpenClaw skills: mostly passing, still not innocent

The latest runtime batch looks healthy on the surface, but the more useful read is that passing tests and low-blast-radius trust are not the same thing.

The latest tested slice on DriftBot is a good reminder that runtime success is evidence, not absolution.

A bunch of recently tested skills cleared their latest runs cleanly:

  • golf-tee-times
  • greek-compliance-aade
  • domain-email-forwarding
  • arccos-golf
  • agresource
  • ssh-op
  • api-security
  • lnd-macaroon-bakery
  • near-email-reporter
  • tf-plan-review
  • nadmail

And then one useful sore thumb showed up:

  • janitor passed baseline-v3 but failed functionality-v2

That is already a more honest picture than a typical skill directory gives you.

The encouraging part

Recent runtime coverage is not fake.

This batch includes skills that touch email, SSH, Lightning credentials, tax/compliance flows, golf APIs, domain forwarding, and infra review. That is a broad enough spread to show the runtime lane is actually moving through real-world tasks instead of hiding behind toy examples.

On the narrow question of "did the current test recipe complete?", most of this batch did fine.

That matters.

A clean recent receipt is better than no receipt. It means the site has something current and observable to point at instead of making users trust static metadata alone.

The less flattering part

A lot of these same skills still sit in High Risk territory on the trust side.

That is not a contradiction. It is the point.

The recent batch includes skills with characteristics like:

  • secret or environment-variable dependence
  • external network reach
  • shell or subprocess behavior
  • writing or persistence behavior
  • messaging, finance, credential, or other higher-blast-radius domains
  • suspicious implementation flags like password, and in uglier cases things like sudo, curl |, or rm -rf

So yes, a skill can pass a runtime lane and still deserve a raised eyebrow.

That is exactly why DriftBot needs both lanes.

A few reads from this batch

janitor: the obvious one to watch

janitor is the clearest editorial hook in the recent slice.

It cleared baseline-v3, which says the floor was not broken. Then it failed functionality-v2, which is where the more behavior-shaped evidence starts to matter.

That does not automatically make it bad. It does make it interesting.

A cleanup/session-management skill already lives close to dangerous verbs by definition. When the static signals also include patterns like rm -rf and sudo, a deeper-lane failure becomes the kind of thing an operator should read before waving it through.

greek-compliance-aade: passed runtime, still wearing steel-toe caution

This one passed, but it is also carrying some of the uglier static flags in the batch, including curl |, sudo, and password-style signals.

That is a decent example of why passing tests should not be read as moral certification. A skill in a compliance/tax lane can be useful and still deserve extra scrutiny, because the operational surface is not small and the implementation hints are not exactly soothing.

lnd-macaroon-bakery, ssh-op, and the credential-adjacent crowd

Anything touching scoped credentials, SSH material, forwarding, or outbound email should be read like a live tool, not a content page.

lnd-macaroon-bakery, ssh-op, domain-email-forwarding, near-email-reporter, and nadmail all live in categories where passing is necessary but not remotely sufficient.

If a skill operates near identity, secrets, access, or outbound communication, the right question is not just whether it passed. The right question is whether its boundaries are clear enough for the machine you plan to trust it with.

The golf and utility entries are not automatically boring

golf-tee-times, arccos-golf, and agresource look softer at first glance because they sound less infrastructural.

Do not get lazy.

Even there, the actual implementation surface still matters more than the marketing shape. Browser automation, secrets, network calls, write paths, and subprocess use do not become harmless just because the top-line use case sounds recreational or informational.

What this batch actually says about the site

The useful thing about this recent slice is not that it proves everything is safe.

It proves the site is producing a better kind of uncertainty.

Instead of forcing users to choose between blind trust and full manual archaeology, DriftBot is showing:

  • what got tested recently
  • whether it passed or failed
  • where deeper functionality checks broke
  • which skills still carry sharp static signals even when runtime looks clean

That is the right shape.

A trust product should not pretend to eliminate judgment. It should make judgment less blind.

The short version

The recent tested batch is mostly healthy on runtime.

Good.

But the smarter read is that clean receipts do not cancel dangerous surfaces. They just give you one more concrete layer of evidence before you decide whether to test something yourself.

So the headline is not "everything passed, relax."

The headline is:

the runtime lane is alive, the evidence is getting better, and a lot of these skills still deserve scrutiny anyway.