D
DriftLoom.ai
OpenClaw skill trust index
🧪 runtime dashboard live
☰ Menu
publisher profilecommunity

tradmangh

tradmangh publishes 7 tracked skills in DriftBot.

Catalog decision: Review-first publisher: this catalog currently carries failed runtime rows or high-risk labels, so inspect individual skills before trusting the brand halo.
7
indexed skills
59
average score
0
manual reviews
1
high-risk labels
catalog evidence snapshotbaseline-v3 coverage 2/7functionality-v2 coverage 2no manual reviews yet1 high-risk label
Read this row as a catalog snapshot: runtime coverage, deeper follow-on coverage, human review presence, and high-risk concentration before you compare individual skills.

📊 Runtime quality summary

Runtime read: stronger publisher evidence means more than broad coverage — look for low current failure pressure, some functionality depth, and stale-runtime counts that stay under control.
eligible runtime skills: 7latest touch: 30h agono current regressions
Baseline coverage
229% of eligible skills have baseline-v3 receipts
Baseline pass rate
100%2 passed · 0 currently failing
Functionality coverage
2100% of baseline-cleared skills have functionality-v2
Fixture-backed rate
0%0 functionality-v2 rows have richer fixture/example proof
Stale baseline rows
0baseline receipts older than 7 days
Functionality failures
0current failed functionality-v2 rows in the latest publisher state

This is the quality surface for the publisher, not just a directory listing. It shows how much of the catalog has real receipts, how often those receipts are passing, whether richer fixture-backed proof exists, and whether the publisher currently carries regressions, reproduced failures, or stale runtime evidence.

Latest runtime touch: 2026-03-14 19:45 UTC. Publisher-level summaries do not replace skill-level review, but they do make reputation more earned: a publisher with broader coverage, stronger pass rates, and fixture-backed proof looks different from one living on thin smoke tests.

If you want the system-wide view, open the runtime dashboard. If you want the scoring logic, read the methodology.

Fresh runtime sliceStale runtime slice
passedfunctionality-v230h ago
key-expiry-tracker
6/6 passed
passed
passedbaseline-v330h ago
key-expiry-tracker
8/8 passed
passed
passedfunctionality-v233h ago
m365-spam-manager
9/9 passed
passed
passedbaseline-v333h ago
m365-spam-manager
8/8 passed
passed

Skills from this publisher

Showing 7 of 7 skills

Label mix on this page

Trusted: 1Use Caution: 5Insufficient Evidence: 0High Risk: 1

This distribution is a quick provenance cue, not a verdict. A publisher can have a mix of safer and riskier skills, so the useful move is to compare patterns here and then open the individual scorecards.

Publisher profiles are best for spotting catalog patterns: repeated shell access, common external services, whether manual review exists, and whether higher-risk labels are isolated or widespread.

On this page: 7 source-scanned, 0 catalog-only, and 0 manually reviewed entries in the current slice.

If you want the scoring logic, read the methodology. If you want the broader landscape, go back to the full index.

m365-calendar

tradmangh · vsource-scanned
67
overall

MS365 / Microsoft365 calendar automation via Microsoft Graph for Microsoft 365 (M365) Business (work/school, Exchange Online) and M365 Home/Consumer (hotmail.com, outlook.com, live.com). Use when listing upcoming events, searching calendar entries (e.g. “Lunch”), checking attendee response status (accepted/declined/tentative), creating or updating meetings, moving events to a new time, or troubleshooting Graph/MSAL auth/token cache for calendar access. Related keywords: OneDrive, SharePoint, Exchange Online (calendar). Privacy note: no third-party API key is required; authentication is via your own Microsoft login (device code) and tokens are stored locally per profile. **Token cost:** ~600-1.5k tokens per use (skill body ~2-3k tokens, Graph calls + light parsing).

Use Cautionconfidence: source evidencesource-scanned
+ 1 more
privileged capability
Take: Source-aware scan found higher-privilege capability areas (token, oauth, email), but that alone is not evidence of malicious behavior.
Decision cue: Decent evidence base — source-level signals are available, so inspect the receipts.

m365-mailbox

tradmangh · vsource-scanned
65
overall

MS365 / Microsoft365 mailbox automation via Microsoft Graph for Microsoft 365 (M365) Business (work/school, Exchange Online) and M365 Home/Consumer (hotmail.com, outlook.com, live.com). Use when listing unread emails, searching mail, reading messages, creating drafts, editing drafts, sending email, replying, forwarding, and troubleshooting Graph/MSAL device-code authentication for mailbox access. Related keywords: Outlook, Exchange Online, IMAP alternative, OneDrive, SharePoint, Teams (via Microsoft Graph), mail, inbox. Privacy note: no third-party API key required; authentication uses your own Microsoft login (device code) and tokens are stored locally per profile. **Token cost:** ~800-2k tokens per use (skill body ~3-4k tokens, Graph calls + parsing).

Use Cautionconfidence: source evidencesource-scanned
+ 1 more
privileged capability
Take: Source-aware scan found higher-privilege capability areas (token, oauth, email), but that alone is not evidence of malicious behavior.
Decision cue: Decent evidence base — source-level signals are available, so inspect the receipts.

job-execution-monitor

tradmangh · vsource-scanned
61
overall

Monitor scheduled jobs (cron) and alert when they fail or miss their schedule.

Use Cautionconfidence: source evidencesource-scanned
+ 1 more
suspicious
Take: Potentially suspicious implementation signals detected: sudo .
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

token-monitor

tradmangh · vsource-scanned
61
overall

Monitor OpenClaw token/quota usage and alert when any quota drops below a threshold (default 20%). Uses `openclaw models status` and writes only a local state file to avoid duplicate alerts. **Does not handle secrets.** **Token cost:** Script itself: 0 tokens (pure bash). Heartbeat integration: ~1k-2k tokens/hour (reading HEARTBEAT.md + executing script). Alert delivery: ~500-1k tokens/alert. **Optimization:** Use system cron instead of heartbeat to reduce to ~0 tokens (except alerts).

Trustedconfidence: source evidencesource-scanned
+ 1 more
privileged capability
Take: Source-aware scan found higher-privilege capability areas (token), but that alone is not evidence of malicious behavior.
Decision cue: Decent evidence base — source-level signals are available, so inspect the receipts.

m365-spam-manager

tradmangh · vsource-scanned
60
overall

Microsoft 365 spam folder manager for Outlook/Exchange mailboxes. Automatically analyzes junk/spam emails, calculates a suspicious score based on structural patterns (missing unsubscribe links, poor language, suspicious domains, wrong character sets, etc.), and helps clean up the junk folder. Supports review mode (default) where user approves each action, and automatic mode for batch processing. Works with shared mailboxes via --mailbox flag. Related keywords: Outlook, Exchange Online, spam filter, junk email, phishing, email security. **Token cost:** ~500-1.5k tokens per use.

High Riskfollow-on functionality checks passed · 9/9confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what passed2026-03-14 17:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 175 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2878 msbaseline-v3 8/8
RatioDaemon on this skillM365 Spam Manager looks aimed at m365 spam manager. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

expiring-local-fileshare

tradmangh · vsource-scanned
50
overall

Lets OpenClaw safely share single files from its local workspace via expiring, tokenized HTTP links (local-network/VPN only). Hours are configurable (default 1h). Optional one-time access. **Token cost:** ~200-500 tokens per use (skill body ~1k tokens, minimal execution overhead).

Use Cautionconfidence: source evidencesource-scanned
+ 1 more
suspicious
Take: Potentially suspicious implementation signals detected: rm -rf.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

key-expiry-tracker

tradmangh · vsource-scanned
48
overall

Track **only expiry dates** (metadata) for API keys/client secrets/certificates and alert before they expire.

Use Cautionfollow-on functionality checks passed · 6/6confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what passed2026-03-14 19:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 98 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1946 msbaseline-v3 8/8
RatioDaemon on this skillKey Expiry Tracker is trying to handle key expiry tracker. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
Page 1 / 1

Trust reading guide

Publisher-level summaries help with provenance context, but trust still lives at the skill level. Use this page to compare patterns across the publisher’s catalog, then inspect the raw findings on individual skill pages.

Back to the full index