D
DriftLoom.ai
Trust index first • editorial second
🧪 runtime dashboard live
☰ Menu
🔎 Evidence browser

Browse the trust index

Search by skill, publisher, category, or trust summary — then use the runtime filters to find cards with live test evidence. The two main lanes are baseline safety checks first and deeper follow-on functionality checks after that.

⚙️ Filters · 3 active
SecurityGitHubWeatherTrusted with current evidenceHigher-confidence picksTrusted + tested + source-scannedReview before installingRuntime-testedHandled fake credentials cleanlyNeeds real credentials / accessCould not fully test yetFresh runtime evidenceOlder runtime evidenceHall of ShameStronger evidence importsNeeds reviewClear filters
All categoriesawesome-index · 5367catalog-only · 5367coding-agents-and-ides · 1200web-and-frontend-development · 924devops-and-cloud · 392search-and-research · 352browser-and-automation · 320productivity-and-tasks · 204ai-and-llms · 184cli-utilities · 180
✨ Quick picks
SecurityGitHubWeatherTrusted with current evidenceHigher-confidence picksTrusted + tested + source-scannedReview before installingRuntime-testedHandled fake credentials cleanlyNeeds real credentials / accessCould not fully test yetFresh runtime evidenceOlder runtime evidenceHall of ShameStronger evidence importsNeeds reviewClear filters
🏷 Categories · catalog-only
All categoriesawesome-index · 5367catalog-only · 5367coding-agents-and-ides · 1200web-and-frontend-development · 924devops-and-cloud · 392search-and-research · 352browser-and-automation · 320productivity-and-tasks · 204ai-and-llms · 184cli-utilities · 180

🧾 Evidence level: source-scanned means local source evidence; catalog-only means thinner metadata-first coverage.

🧪 Runtime status: cards can show only the baseline safety lane or the deeper follow-on functionality lane, depending on how far the skill got. Some cards now also surface how the skill behaved when clearly fake credentials were present.

📏 Depth cue: tells you whether the evidence stops at baseline checks, includes follow-on functionality checks, or includes richer fixture/example proof.

⏱ Freshness cue: tells you whether the latest runtime evidence is from the last 24 hours, the last 7 days, or is older and therefore less current.

🩺 Failure confidence: distinguishes a first seen failure from a repeated failure or a regression after an earlier pass, so not every red row means the same thing.

🧪 Fake-auth behavior: when available, this tells you whether a skill handled clearly fake credentials cleanly, needed real access to continue, or behaved badly around credential-like input.

Results

Showing 7 of 7 skills in the browsable catalog view · runtime: passed · auth behavior: setup-blocked · category: catalog-only · sort: score
page evidence snapshotruntime-passed: 0runtime-failed: 7source-scanned: 7fresh <24h: 4manual review: 0
This snapshot is for the current page of results, not the whole filtered universe.
Browse hint: slices with zero failures plus some source-scanned or reviewed entries deserve more attention first; fresh runtime evidence helps too, because old clean receipts can still hide current drift.

silk

silostack · vsource-scanned
61
overall

Agent banking and payments on Solana. Send and receive stablecoins with cancellable escrow transfers. Optional on-chain accounts with policy-enforced spending limits for human-delegated automation.

High Riskfollow-on functionality checks could not be fully tested · 9/10confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what blocked setup2026-03-16 09:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, did not make it clear what the test should runoutput 2.2 KBartifacts 0worker oc-sandboxsource stage: cache hitsuite 3110 msbaseline-v3 8/8
🕵️ expected proof signal was missing🧭 did not make it clear what the test should run
RatioDaemon muttered: silk never made it clear what the test was even supposed to run.9/10 functionality-v2 checks passed before the stumble. The package json entrypoints is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf.
Decision cue: Review first — functionality-v2 already found trouble.

silkyway

silostack · vsource-scanned
61
overall

Agent banking and payments on Solana. Send and receive stablecoins with cancellable escrow transfers. Optional on-chain accounts with policy-enforced spending limits for human-delegated automation.

High Riskfollow-on functionality checks could not be fully tested · 9/10confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what blocked setup2026-03-16 12:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, did not make it clear what the test should runoutput 2.2 KBartifacts 0worker oc-sandboxsource stage: cache hitsuite 3154 msbaseline-v3 8/8
🕵️ expected proof signal was missing🧭 did not make it clear what the test should run
RatioDaemon muttered: The runtime lane gave silkyway a chance to act normal. It declined and never made it clear what the test was even supposed to run.9/10 functionality-v2 checks passed before the stumble. The package json entrypoints is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf.
Decision cue: Review first — functionality-v2 already found trouble.

near-phishing-detector

mastrophot · vsource-scanned
60
overall

Detect potential phishing URLs and suspicious contracts targeting NEAR users.

High Riskfollow-on functionality checks could not be fully tested · 7/8confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what blocked setup2026-03-15 18:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 daysfirst failed run seen for this lanepassed, did not make it clear what the test should runoutput 2.1 KBartifacts 0worker oc-sandboxsource stage: cache hitsuite 2488 msbaseline-v3 8/8
🕵️ expected proof signal was missing🧭 did not make it clear what the test should run
RatioDaemon muttered: The runtime lane gave near-phishing-detector a chance to act normal. It declined and never made it clear what the test was even supposed to run.7/8 functionality-v2 checks passed before the stumble. The package json entrypoints is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf.
Decision cue: Review first — functionality-v2 already found trouble.

clawchat-p2p

alexrudloff · vsource-scanned
57
overall

**Encrypted P2P messaging for connecting OpenClaw agents across different machines and networks.**

High Riskfollow-on functionality checks could not be fully tested · 8/9confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what blocked setup2026-03-16 13:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, did not make it clear what the test should runoutput 2.1 KBartifacts 0worker oc-sandboxsource stage: cache hitsuite 2892 msbaseline-v3 8/8
🕵️ expected proof signal was missing🧭 did not make it clear what the test should run
RatioDaemon muttered: The runtime lane gave clawchat-p2p a chance to act normal. It declined and never made it clear what the test was even supposed to run.8/9 functionality-v2 checks passed before the stumble. The package json entrypoints is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Review first — functionality-v2 already found trouble.

grazer

scottcjn · vsource-scanned
53
overall

Multi-Platform Content Discovery for AI Agents

High Riskfollow-on functionality checks could not be fully tested · 9/12confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what blocked setup2026-03-15 23:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 daysfirst failed run seen for this lanepassed, did not make it clear what the test should run, expectation failed, runtime failedoutput 2.2 KBartifacts 0worker oc-sandboxsource stage: cache hitsuite 4217 msbaseline-v3 8/8
🕵️ expected proof signal was missing🧭 did not make it clear what the test should run🚫 skill exited with an error
RatioDaemon muttered: The runtime lane gave grazer a chance to act normal. It declined and never made it clear what the test was even supposed to run.9/12 functionality-v2 checks passed before the stumble. The package json entrypoints is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf, sudo , password.
Decision cue: Review first — functionality-v2 already found trouble.

veille

romain-grosos · vsource-scanned
53
overall

RSS feed aggregator, deduplication engine, LLM scoring, and output dispatcher for OpenClaw agents. Use when: fetching recent articles from configured sources, filtering already-seen URLs, deduplicating by topic, scoring with LLM, dispatching digests to Telegram/email/Nextcloud/file. Enhanced by mail-client (email output) and nextcloud-files (cloud storage).

High Riskfollow-on functionality checks could not be fully tested · 0/1confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what blocked setup2026-03-15 21:31 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 daysfailure repeated in more than one runregression after earlier passneeded an external service the test could not reachoutput 375 Bartifacts 1worker oc-sandboxsource stage: cache hitsuite 5621 msbaseline-v3 8/8
🌍 needed an outside service the test could not reach
RatioDaemon on this skillVeille is built for veille. Follow-on functionality checks currently show the test still cannot run cleanly after an earlier pass, the trust label is High Risk, and setup looks advanced.
Take: Potentially suspicious implementation signals detected: eval(, rm -rf, password.
Decision cue: Review first — functionality-v2 already found trouble.

trifle-auth

okwme · vsource-scanned
51
overall

Authenticate with the Trifle API using Sign-In with Ethereum (SIWE). Manages wallet-based authentication, JWT token storage, and session management for the Trifle ecosystem.

High Riskfollow-on functionality checks could not be fully tested · 8/9confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what blocked setup2026-03-16 17:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, did not make it clear what the test should runoutput 2.1 KBartifacts 0worker oc-sandboxsource stage: cache hitsuite 2840 msbaseline-v3 8/8
🕵️ expected proof signal was missing🧭 did not make it clear what the test should run
RatioDaemon muttered: trifle-auth never made it clear what the test was even supposed to run.8/9 functionality-v2 checks passed before the stumble. The package json entrypoints is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Review first — functionality-v2 already found trouble.