D
DriftLoom.ai
OpenClaw skill trust index
🧪 runtime dashboard live
☰ Menu
🔎 Evidence browser

Browse the skill radar

Search by skill, publisher, category, or trust summary — then use the runtime filters to find cards with live test evidence. The two main lanes are baseline safety checks first and deeper follow-on functionality checks after that.

⚙️ Filters · 2 active
SecurityGitHubWeatherTrusted onlyHigher-confidence picksLower-friction local candidatesReview-first installsSandbox-testedFresh runtimeStale runtimeHall of ShameStronger evidence importsNeeds reviewClear filters
All categoriesawesome-index · 5367catalog-only · 5367coding-agents-and-ides · 1200web-and-frontend-development · 924devops-and-cloud · 392search-and-research · 352browser-and-automation · 320productivity-and-tasks · 204ai-and-llms · 184cli-utilities · 180
✨ Quick picks
SecurityGitHubWeatherTrusted onlyHigher-confidence picksLower-friction local candidatesReview-first installsSandbox-testedFresh runtimeStale runtimeHall of ShameStronger evidence importsNeeds reviewClear filters
🏷 Categories · devops-and-cloud
All categoriesawesome-index · 5367catalog-only · 5367coding-agents-and-ides · 1200web-and-frontend-development · 924devops-and-cloud · 392search-and-research · 352browser-and-automation · 320productivity-and-tasks · 204ai-and-llms · 184cli-utilities · 180

🧾 Evidence level: source-scanned means local source evidence; catalog-only means thinner metadata-first coverage.

🧪 Runtime status: cards can show only the baseline safety lane or the deeper follow-on functionality lane, depending on how far the skill got.

📏 Depth cue: tells you whether the evidence stops at baseline checks, includes follow-on functionality checks, or includes richer fixture/example proof.

⏱ Freshness cue: tells you whether the latest runtime evidence is from the last 24 hours, the last 7 days, or is older and therefore less current.

🩺 Failure confidence: distinguishes a first seen failure from a repeated failure or a regression after an earlier pass, so not every red row means the same thing.

Results

Showing 5 of 29 skills in the browsable catalog view · runtime: tested · category: devops-and-cloud · sort: score
page evidence snapshotruntime-passed: 5runtime-failed: 0source-scanned: 5fresh <24h: 2manual review: 0
This snapshot is for the current page of results, not the whole filtered universe.
Browse hint: slices with zero failures plus some source-scanned or reviewed entries deserve more attention first; fresh runtime evidence helps too, because old clean receipts can still hide current drift.

azd-deployment

thegovind · vsource-scanned
39
overall

Deploy containerized applications to Azure Container Apps using Azure Developer CLI (azd). Use when setting up azd projects, writing azure.yaml configuration, creating Bicep infrastructure for Container Apps, configuring remote builds with ACR, implementing idempotent deployments, managing environment variables across local/.azure/Bicep, or troubleshooting azd up failures. Triggers on requests for azd configuration, Container Apps deployment, multi-service deployments, and infrastructure-as-code with Bicep.

High Riskfollow-on functionality checks passed · 5/5confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what passed2026-03-16 05:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1694 msbaseline-v3 8/8
RatioDaemon muttered: azd-deployment cleared baseline-v3 without trying anything cute.5/5 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf, password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

sovereign-api-hardener

ryudi84 · vsource-scanned
35
overall

Hardens API endpoints against common attacks. Covers rate limiting, input validation, auth, CORS, headers, injection prevention, error handling, and monitoring.

High Riskfollow-on functionality checks passed · 5/5confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what passed2026-03-14 17:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1626 msbaseline-v3 8/8
RatioDaemon on this skillSovereign Api Hardener sits in the hardens API endpoints against common attacks lane. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

cli-deadline-monitor

satoshistackalotto · vsource-scanned
33
overall

CLI tool for tracking Greek tax deadlines (AADE, EFKA). Real-time monitoring with configurable alerts via Slack, SMS, email, or local files.

High Riskfollow-on functionality checks passed · 6/6confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what passed2026-03-14 15:30 UTC
functionality-v2evidence depth: includes fixture-backed checkstested recently: within 7 dayspassedoutput 102 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2007 msbaseline-v3 8/8
RatioDaemon on this skillCli Deadline Monitor sits in the CLI tool for tracking Greek tax deadlines (AADE, EFKA) lane. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

makefile-build

gitgoodordietrying · vsource-scanned
31
overall

Write Makefiles for any project type. Use when setting up build automation, defining multi-target builds, managing dependencies between tasks, creating project task runners, or using Make for non-C projects (Go, Python, Docker, Node.js). Also covers Just and Task as modern alternatives.

High Riskfollow-on functionality checks passed · 5/5confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what passed2026-03-14 11:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1646 msbaseline-v3 8/8
RatioDaemon on this skillMakefile Build is trying to handle write Makefiles for any project type. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf, sudo .
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

greek-email-processor

satoshistackalotto · vsource-scanned
29
overall

Email processing for Greek accounting. Connects via IMAP to scan for financial documents, AADE notices, and invoices. Routes to local pipelines.

High Riskfollow-on functionality checks passed · 6/6confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what passed2026-03-15 11:30 UTC
functionality-v2evidence depth: includes fixture-backed checkstested recently: within 24 hourspassedoutput 102 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1921 msbaseline-v3 8/8
RatioDaemon on this skillGreek Email Processor is trying to handle email processing for Greek accounting. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: curl |, sudo , password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
« First← Prev12Page 2 / 2