D
DriftLoom.ai
OpenClaw skill trust index
🧪 runtime dashboard live
☰ Menu
🔎 Evidence browser

Search the skill radar

Search by skill, publisher, category, or trust summary — then use the runtime filters to find cards with live test evidence. The two main lanes are baseline safety checks first and deeper follow-on functionality checks after that.

⚙️ Filters · 3 active
SecurityGitHubWeatherTrusted onlyHigher-confidence picksLower-friction local candidatesReview-first installsSandbox-testedFresh runtimeStale runtimeHall of ShameStronger evidence importsNeeds reviewClear filters
All categoriesawesome-index · 5367catalog-only · 5367coding-agents-and-ides · 1200web-and-frontend-development · 924devops-and-cloud · 392search-and-research · 352browser-and-automation · 320productivity-and-tasks · 204ai-and-llms · 184cli-utilities · 180
✨ Quick picks
SecurityGitHubWeatherTrusted onlyHigher-confidence picksLower-friction local candidatesReview-first installsSandbox-testedFresh runtimeStale runtimeHall of ShameStronger evidence importsNeeds reviewClear filters
🏷 Categories · devops-and-cloud
All categoriesawesome-index · 5367catalog-only · 5367coding-agents-and-ides · 1200web-and-frontend-development · 924devops-and-cloud · 392search-and-research · 352browser-and-automation · 320productivity-and-tasks · 204ai-and-llms · 184cli-utilities · 180

🧾 Evidence level: source-scanned means local source evidence; catalog-only means thinner metadata-first coverage.

🧪 Runtime status: cards can show only the baseline safety lane or the deeper follow-on functionality lane, depending on how far the skill got.

📏 Depth cue: tells you whether the evidence stops at baseline checks, includes follow-on functionality checks, or includes richer fixture/example proof.

⏱ Freshness cue: tells you whether the latest runtime evidence is from the last 24 hours, the last 7 days, or is older and therefore less current.

🩺 Failure confidence: distinguishes a first seen failure from a repeated failure or a regression after an earlier pass, so not every red row means the same thing.

Results

Showing 3 of 3 results for “security · runtime: passed · category: devops-and-cloud · sort: relevance
page evidence snapshotruntime-passed: 3runtime-failed: 0source-scanned: 3fresh <24h: 1manual review: 0
This snapshot is for the current page of results, not the whole filtered universe.
Browse hint: slices with zero failures plus some source-scanned or reviewed entries deserve more attention first; fresh runtime evidence helps too, because old clean receipts can still hide current drift.

ralph-security

dorukardahan · vsource-scanned
40
overall

Comprehensive security audit with 100 iterations (~30-60 min). Use when user says 'security audit', 'ralph security', 'weekly security check', 'audit this project', 'new project security review', or 'check for vulnerabilities'. Covers OWASP Top 10, auth, secrets, infrastructure, and code quality.

Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what passed2026-03-14 23:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1616 msbaseline-v3 8/8
RatioDaemon on this skillRalph Security sits in the ralph security lane. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

sovereign-project-guardian

ryudi84 · vsource-scanned
40
overall

Project health and best practices enforcer. Checks security, quality, documentation, CI/CD, and dependencies. Produces a letter grade (A-F) with actionable fixes.

Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what passed2026-03-16 04:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1624 msbaseline-v3 8/8
RatioDaemon on this skillSovereign Project Guardian looks aimed at project health and best practices enforcer. Baseline-v3 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

lightning-security-module

roasbeef · vsource-scanned
57
overall

Set up an lnd remote signer container that holds private keys separately from the agent. Exports a credentials bundle (accounts JSON, TLS cert, admin macaroon) for watch-only litd nodes. Container-first with Docker, native fallback. Use when firewalling private key material from AI agents.

High Riskfollow-on functionality checks passed · 7/7confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what passed2026-03-14 20:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 1.4 KBartifacts 0worker oc-sandboxsource stage: cache hitsuite 2217 msbaseline-v3 8/8
RatioDaemon on this skillLightning Security Module looks aimed at lightning security module. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf, password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.