gsuite-sdk
pabloalaniz · vsource-scanned
Interact with Google Workspace APIs (Gmail, Calendar, Drive, Sheets) using gsuite-sdk.
Use Cautionconfidence: source evidencesource-scanned+ 1 more
Take: Source-aware scan found higher-privilege capability areas (token, oauth, gmail, email), but that alone is not evidence of malicious behavior.
Newcomer read: Decent evidence base — source-level signals are available, so inspect the receipts.
guard-scanner
koatora20 · vsource-scanned
Security scanner and runtime guard for AI agent skills. 358 static threat patterns across 35 categories + 27 runtime checks (5 defense layers). Use when scanning skill directories for security threats, auditing npm/GitHub/ClawHub assets for leaked credentials, running real-time file watch during development, integrating security checks into CI/CD pipelines (SARIF/JSON), setting up MCP server for editor-integrated scanning (Cursor, Windsurf, Claude Code, OpenClaw), or runtime guarding tool calls via the OpenClaw v2026.3.8 before_tool_call hook. Single dependency (ws). MIT licensed.
High Riskfollow-on functionality checks passed · 10/10confidence: source evidence+ 2 more
What the test confirmed2026-03-15 12:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 195 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 3668 msbaseline-v3 8/8
RatioDaemon muttered: guard-scanner looked ordinary in the good, boring way.10/10 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: eval(, rm -rf, sudo , password.
Newcomer read: Proceed carefully — suspicious signals matter more than capability surface alone.
home-music
asteinberger · vsource-scanned
Control whole-house music scenes combining Spotify playback with Airfoil speaker routing. Quick presets for morning, party, chill modes.
Use Cautionconfidence: source evidencesource-scanned+ 1 more
Take: Potentially suspicious implementation signals detected: sudo .
Newcomer read: Proceed carefully — suspicious signals matter more than capability surface alone.
homebridge
jiasenl · vsource-scanned
Control smart home devices via Homebridge Config UI X REST API. Use to list, turn on/off, adjust brightness, color, or temperature of HomeKit-compatible accessories. Supports lights, switches, thermostats, fans, and other Homebridge-managed devices.
Use Cautionconfidence: source evidencesource-scanned+ 1 more
Take: Potentially suspicious implementation signals detected: password.
Newcomer read: Proceed carefully — suspicious signals matter more than capability surface alone.
humaboam-final
yuqi-or-yuki · vsource-scanned
Job board for agents. Submit jobs, report bad listings. Humans use agents to browse and apply.
Insufficient Evidenceconfidence: source evidencesource-scanned+ 1 more
Take: Source-aware scan found higher-privilege capability areas (token), but that alone is not evidence of malicious behavior.
Newcomer read: Decent evidence base — source-level signals are available, so inspect the receipts.
hype-scanner
peti0402 · vsource-scanned
Real-time crypto and stock hype detection using Reddit, CoinGecko, DEXScreener, and StockTwits. AI-powered signal validation with local Ollama model. Only real hype passes — zero noise. Use when you want early signals on viral tokens, meme coins, or stocks before they hit mainstream.
Use Cautionconfidence: source evidencesource-scanned+ 1 more
Take: Source-aware scan found higher-privilege capability areas (trading, token, telegram), but that alone is not evidence of malicious behavior.
Newcomer read: Decent evidence base — source-level signals are available, so inspect the receipts.
image-ocr
xejrax · vsource-scanned
Extract text from images using Tesseract OCR
Use Cautionconfidence: source evidencesource-scanned+ 1 more
Take: Potentially suspicious implementation signals detected: sudo .
Newcomer read: Proceed carefully — suspicious signals matter more than capability surface alone.
internet-marketing
xeroc · vsource-scanned
Creates practical, low-cost marketing strategies for solo entrepreneurs and small businesses launching new ideas, focusing on organic growth, content creation, community building, and sustainable workflows
Insufficient Evidenceconfidence: source evidencesource-scanned+ 1 more
Take: Source-aware scan found higher-privilege capability areas (email), but that alone is not evidence of malicious behavior.
Newcomer read: Decent evidence base — source-level signals are available, so inspect the receipts.
ipcam
ltpop · vsource-scanned
ONVIF PTZ control + RTSP capture + camera discovery. Works with any ONVIF Profile S/T camera. Tested with TP-Link, Hikvision, Dahua, Reolink, Amcrest, Axis.
High Riskfollow-on functionality checks passed · 9/9confidence: source evidence+ 2 more
What the test confirmed2026-03-18 17:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfake-auth behavior: handled cleanlypassed, handled fake credentials cleanlyoutput 161 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2781 msbaseline-v3 8/8
fake-auth behavior: handled cleanlyClearly fake credentials were exercised and handled normally.
RatioDaemon muttered: ipcam cleared the baseline safety checks without trying anything cute.9/9 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Newcomer read: Proceed carefully — suspicious signals matter more than capability surface alone.
jpj-memory-manager
jpj069 · vsource-scanned
Automatic session logging and memory management for infrastructure, projects, and tools. Use at the end of sessions containing changes to servers, services, deployments, cron jobs, repositories, APIs, integrations, or credentials. Ensures consistent documentation without context bloat.
Insufficient Evidenceconfidence: source evidencesource-scanned+ 1 more
Take: Source-aware scan found higher-privilege capability areas (whatsapp, email), but that alone is not evidence of malicious behavior.
Newcomer read: Decent evidence base — source-level signals are available, so inspect the receipts.
kaspa
manyfestation · vsource-scanned
>
High Riskfollow-on functionality checks failed · 9/10confidence: source evidence+ 2 more
What the test found2026-03-18 17:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanefake-auth behavior: handled cleanlypassed, expectation failed, handled fake credentials cleanlyoutput 161 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 3540 msbaseline-v3 8/8
🕵️ expected proof signal was missing
fake-auth behavior: handled cleanlyClearly fake credentials were exercised and handled normally.
RatioDaemon on this skillKaspa is trying to handle kaspa. Follow-on functionality checks currently show first observed failure, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf, sudo .
Newcomer read: Review first — functionality-v2 already found trouble.
keepmyclaw
ryce · vsource-scanned
OpenClaw backup and restore. Encrypted off-site backup for OpenClaw agents — backs up workspace, memory, skills, cron jobs, credentials, and multi-agent configs to Cloudflare R2 with zero-knowledge AES-256 encryption. Use when backing up an OpenClaw agent, restoring an agent on a new machine, setting up automated backup schedules, listing or pruning backup snapshots, running restore drills, or migrating agents between machines. Triggers on: backup, restore, openclaw backup, agent backup, snapshot, disaster recovery, keepmyclaw, migrate agent, backup schedule, encrypted backup.
High Riskfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
What the test confirmed2026-03-16 18:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 98 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1950 msbaseline-v3 8/8
RatioDaemon on this skillKeepmyclaw is built for openClaw backup and restore. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf, password.
Newcomer read: Proceed carefully — suspicious signals matter more than capability surface alone.
kiln
codeofaxel · vsource-scanned
Control 3D printers with AI agents — 273 MCP tools, 107 CLI commands, text/sketch-to-3D generation, model marketplace search, multi-printer fleet support, safety enforcement, and outsourced manufacturing
High Riskfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
What the test confirmed2026-03-18 18:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1428 msbaseline-v3 8/8
RatioDaemon on this skillKiln is trying to handle kiln. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Newcomer read: Proceed carefully — suspicious signals matter more than capability surface alone.
lb-bmad-skill
leonaaardob · vsource-scanned
Use BMad (Breakthrough Method of Agile AI Driven Development) framework for AI-driven development. Use for: architecture analysis, sprint planning, story generation, PRD creation, and full development workflows. Requires coding-agent skill with Claude Code.
High Riskfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
What the test confirmed2026-03-14 20:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1612 msbaseline-v3 8/8
RatioDaemon on this skillLb Bmad Skill looks aimed at lb bmad. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf, password.
Newcomer read: Proceed carefully — suspicious signals matter more than capability surface alone.
lb-vercel-skill
leonaaardob · vsource-scanned
Deploy applications and manage projects with complete CLI reference. Commands for deployments, projects, domains, environment variables, and live documentation access.
Insufficient Evidenceconfidence: source evidencesource-scanned+ 1 more
Take: Source-aware scan found higher-privilege capability areas (token, email), but that alone is not evidence of malicious behavior.
Newcomer read: Decent evidence base — source-level signals are available, so inspect the receipts.
leak-check
khaney64 · vsource-scanned
Scan session logs for leaked credentials. Checks JSONL session files against known credential patterns and reports which AI provider received the data.
Use Cautionconfidence: source evidencesource-scanned+ 1 more
Take: Potentially suspicious implementation signals detected: eval(.
Newcomer read: Proceed carefully — suspicious signals matter more than capability surface alone.
letssendit
ganjathang · vsource-scanned
Coordination infrastructure for token launches led by communities, agents, or both. Mechanics beat promises.
Use Cautionconfidence: source evidencesource-scanned+ 1 more
Take: Source-aware scan found higher-privilege capability areas (wallet, trading, token, telegram, email), but that alone is not evidence of malicious behavior.
Newcomer read: Decent evidence base — source-level signals are available, so inspect the receipts.
linkswarm
heyw00d · vsource-scanned
Agent-to-agent backlink exchange network. Register sites, discover partners, exchange links automatically.
Insufficient Evidenceconfidence: source evidencesource-scanned+ 1 more
Take: Source-aware scan found higher-privilege capability areas (token, email), but that alone is not evidence of malicious behavior.
Newcomer read: Decent evidence base — source-level signals are available, so inspect the receipts.
listonic
jeremymahieu · vsource-scanned
Access Listonic shopping lists: list lists/items, add/check/delete items, and manage lists.
High Riskfollow-on functionality checks passed · 8/8confidence: source evidence+ 2 more
What the test confirmed2026-03-18 15:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 134 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2623 msbaseline-v3 8/8
RatioDaemon on this skillListonic is trying to handle listonic. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Newcomer read: Proceed carefully — suspicious signals matter more than capability surface alone.
long-research
vanya1210 · vsource-scanned
>
Insufficient Evidenceconfidence: source evidencesource-scanned+ 1 more
Take: Source-aware scan found higher-privilege capability areas (token), but that alone is not evidence of malicious behavior.
Newcomer read: Decent evidence base — source-level signals are available, so inspect the receipts.
m44-internal-testing
tuleyko · vsource-scanned
Install and set up DataHive in a deterministic headless-friendly flow: (1) check/install browser (Chrome or Chromium), (2) check/create DataHive browser profile, (3) check Gog mailbox access, (4) install DataHive extension via CRX only (never Chrome Web Store UI), (5) login via email magic link and verify both dashboard and extension are logged in. Use for requests like 'install datahive', 'setup everything for datahive', or 'install datahive extension'.
High Riskfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
What the test confirmed2026-03-18 16:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 98 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1731 msbaseline-v3 8/8
RatioDaemon on this skillM44 Internal Testing looks aimed at m44 internal testing. Follow-on functionality checks currently pass without failed checks, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf, sudo .
Newcomer read: Proceed carefully — suspicious signals matter more than capability surface alone.
mailchannels
ttulttul · vsource-scanned
Send email via MailChannels Email API and ingest signed delivery-event webhooks into Clawdbot (Moltbot).
Insufficient Evidenceconfidence: source evidencesource-scanned+ 1 more
Take: Source-aware scan found higher-privilege capability areas (email), but that alone is not evidence of malicious behavior.
Newcomer read: Decent evidence base — source-level signals are available, so inspect the receipts.
market-pulse
lopushok9 · vsource-scanned
Use when user asks about crypto prices, DeFi yields, market sentiment, fear and greed index, stock prices, upcoming crypto events, or requests a market overview
Insufficient Evidenceconfidence: source evidencesource-scanned+ 1 more
Take: Source-aware scan found higher-privilege capability areas (wallet, token), but that alone is not evidence of malicious behavior.
Newcomer read: Decent evidence base — source-level signals are available, so inspect the receipts.