D
DriftLoom.ai
OpenClaw skill trust index
πŸ§ͺ runtime dashboard live
☰ Menu
publisher profilecommunity

koatora20

koatora20 publishes 5 tracked skills in DriftBot.

Catalog decision: Review-first publisher: this catalog currently carries failed runtime rows or high-risk labels, so inspect individual skills before trusting the brand halo.
5
indexed skills
60
average score
0
manual reviews
2
high-risk labels
catalog evidence snapshotbaseline-v3 coverage 2/5functionality-v2 coverage 2no manual reviews yet2 high-risk labels
Read this row as a catalog snapshot: runtime coverage, deeper follow-on coverage, human review presence, and high-risk concentration before you compare individual skills.

πŸ“Š Runtime quality summary

Runtime read: stronger publisher evidence means more than broad coverage β€” look for low current failure pressure, some functionality depth, and stale-runtime counts that stay under control.
eligible runtime skills: 5latest touch: 13h agono current regressions
Baseline coverage
240% of eligible skills have baseline-v3 receipts
Baseline pass rate
100%2 passed Β· 0 currently failing
Functionality coverage
2100% of baseline-cleared skills have functionality-v2
Fixture-backed rate
0%0 functionality-v2 rows have richer fixture/example proof
Stale baseline rows
0baseline receipts older than 7 days
Functionality failures
1current failed functionality-v2 rows in the latest publisher state

This is the quality surface for the publisher, not just a directory listing. It shows how much of the catalog has real receipts, how often those receipts are passing, whether richer fixture-backed proof exists, and whether the publisher currently carries regressions, reproduced failures, or stale runtime evidence.

Latest runtime touch: 2026-03-15 12:00 UTC. Publisher-level summaries do not replace skill-level review, but they do make reputation more earned: a publisher with broader coverage, stronger pass rates, and fixture-backed proof looks different from one living on thin smoke tests.

If you want the system-wide view, open the runtime dashboard. If you want the scoring logic, read the methodology.

Fresh runtime sliceStale runtime slice
passedfunctionality-v213h ago
guard-scanner
10/10 passed
passed
passedbaseline-v313h ago
guard-scanner
8/8 passed
passed
failedfunctionality-v2first failed run seen for this lane15h ago
guava-guard
5/6 passed
runtime_failed
passedbaseline-v315h ago
guava-guard
8/8 passed
passed

Skills from this publisher

Showing 5 of 5 skills

Label mix on this page

Trusted: 3Use Caution: 0Insufficient Evidence: 0High Risk: 2

This distribution is a quick provenance cue, not a verdict. A publisher can have a mix of safer and riskier skills, so the useful move is to compare patterns here and then open the individual scorecards.

Publisher profiles are best for spotting catalog patterns: repeated shell access, common external services, whether manual review exists, and whether higher-risk labels are isolated or widespread.

On this page: 5 source-scanned, 0 catalog-only, and 0 manually reviewed entries in the current slice.

If you want the scoring logic, read the methodology. If you want the broader landscape, go back to the full index.

guava-memory

koatora20 Β· vsource-scanned
68
overall

Structured episodic memory with Q-value scoring. Remember what worked, forget what didn't.

Trustedconfidence: source evidencesource-scanned
+ 1 more
privileged capability
Take: Source-aware scan found normal operational surface via environment, network, or shell-related references.
Decision cue: Decent evidence base β€” source-level signals are available, so inspect the receipts.

mv-pipeline

koatora20 Β· vsource-scanned
65
overall

End-to-end automated Music Video pipeline. Covers songwriting (lyrics/composition), Suno music generation (browser automation), lyrics alignment (stable-ts), video generation (Veo 3.1 via Vertex AI or Google Flow via browser), Remotion-based editing (subtitles, effects, telops), and YouTube upload. Use when creating a full MV from scratch, or running any individual stage of the pipeline.

Trustedconfidence: source evidencesource-scanned
+ 1 more
privileged capability
Take: Source-aware scan found higher-privilege capability areas (token, oauth), but that alone is not evidence of malicious behavior.
Decision cue: Decent evidence base β€” source-level signals are available, so inspect the receipts.

guava-suite

koatora20 Β· vsource-scanned
64
overall

>

Trustedconfidence: source evidencesource-scanned
+ 1 more
privileged capability
Take: Source-aware scan found higher-privilege capability areas (wallet, token), but that alone is not evidence of malicious behavior.
Decision cue: Decent evidence base β€” source-level signals are available, so inspect the receipts.

guava-guard

koatora20 Β· vsource-scanned
53
overall

Runtime security guard + scanner for OpenClaw agents. Part of the guard-scanner ecosystem. Detects reverse shells, credential theft, and sandbox escapes in real-time. For full static scanning with 150+ patterns, install guard-scanner.

High Riskfollow-on functionality checks failed Β· 5/6confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what failed2026-03-15 09:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, runtime_failedoutput 314 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1922 msbaseline-v3 8/8
πŸ•΅οΈ expected proof signal was missing🚫 skill exited with an error
RatioDaemon on this skillGuava Guard is built for runtime security guard + scanner for OpenClaw agents. Functionality-v2 is currently first observed failure, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Review first β€” functionality-v2 already found trouble.

guard-scanner

koatora20 Β· vsource-scanned
49
overall

Security scanner and runtime guard for AI agent skills. 358 static threat patterns across 35 categories + 27 runtime checks (5 defense layers). Use when scanning skill directories for security threats, auditing npm/GitHub/ClawHub assets for leaked credentials, running real-time file watch during development, integrating security checks into CI/CD pipelines (SARIF/JSON), setting up MCP server for editor-integrated scanning (Cursor, Windsurf, Claude Code, OpenClaw), or runtime guarding tool calls via the OpenClaw v2026.3.8 before_tool_call hook. Single dependency (ws). MIT licensed.

High Riskfollow-on functionality checks passed Β· 10/10confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what passed2026-03-15 12:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 195 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 3668 msbaseline-v3 8/8
RatioDaemon on this skillGuard Scanner is built for security scanner and runtime guard for AI agent skills. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: eval(, rm -rf, sudo , password.
Decision cue: Proceed carefully β€” suspicious signals matter more than capability surface alone.
Page 1 / 1

Trust reading guide

Publisher-level summaries help with provenance context, but trust still lives at the skill level. Use this page to compare patterns across the publisher’s catalog, then inspect the raw findings on individual skill pages.

Back to the full index