🔎 Evidence browser

Search the skill radar

Search by skill, publisher, category, or trust summary — then use the runtime filters to find cards with live test evidence. The two main lanes are baseline safety checks first and deeper follow-on functionality checks after that.

Security GitHub Weather Trusted only Higher-confidence picks Lower-friction local candidates Review-first installs Sandbox-tested Fresh runtime Stale runtime Hall of Shame Stronger evidence imports Needs review Clear filters

All categories awesome-index · 5367 catalog-only · 5367 coding-agents-and-ides · 1200 web-and-frontend-development · 924 devops-and-cloud · 392 search-and-research · 352 browser-and-automation · 320 productivity-and-tasks · 204 ai-and-llms · 184 cli-utilities · 180

✨ Quick picks

🏷 Categories

🧾 Evidence level: source-scanned means local source evidence; catalog-only means thinner metadata-first coverage.

🧪 Runtime status: cards can show only the baseline safety lane or the deeper follow-on functionality lane, depending on how far the skill got.

📏 Depth cue: tells you whether the evidence stops at baseline checks, includes follow-on functionality checks, or includes richer fixture/example proof.

⏱ Freshness cue: tells you whether the latest runtime evidence is from the last 24 hours, the last 7 days, or is older and therefore less current.

🩺 Failure confidence: distinguishes a first seen failure from a repeated failure or a regression after an earlier pass, so not every red row means the same thing.

Results

Showing 3 of 3 results for “1” · runtime: failed · freshness: fresh · sort: relevance

page evidence snapshotruntime-passed: 0 runtime-failed: 3 source-scanned: 3 fresh <24h: 3 manual review: 0

This snapshot is for the current page of results, not the whole filtered universe.

Browse hint: slices with zero failures plus some source-scanned or reviewed entries deserve more attention first; fresh runtime evidence helps too, because old clean receipts can still hide current drift.

privateapp

camopel · vsource-scanned

overall

Personal PWA dashboard server with plugin apps. Use when: (1) installing or setting up PrivateApp, (2) starting/stopping/restarting the service, (3) building frontends after changes, (4) adding new app plugins, (5) configuring push notifications. Requires Python 3.9+, Node.js 18+. Runs as systemd user service or launchd plist.

High Riskfollow-on functionality checks failed · 10/11confidence: source evidence

+ 2 more

Runtime receipts + what failed2026-03-15 13:30 UTC

functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, runtime_failedoutput 184 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 3976 msbaseline-v3 8/8

🕵️ expected proof signal was missing🚫 skill exited with an error

RatioDaemon on this skillPrivateapp is built for personal PWA dashboard server with plugin apps. Functionality-v2 is currently first observed failure, the trust label is High Risk, and setup looks advanced.

Observed: skill-structure-ok

Take: Potentially suspicious implementation signals detected: sudo .

Decision cue: Review first — functionality-v2 already found trouble.

guava-guard

koatora20 · vsource-scanned

overall

Runtime security guard + scanner for OpenClaw agents. Part of the guard-scanner ecosystem. Detects reverse shells, credential theft, and sandbox escapes in real-time. For full static scanning with 150+ patterns, install guard-scanner.

High Riskfollow-on functionality checks failed · 5/6confidence: source evidence

+ 2 more

Runtime receipts + what failed2026-03-15 09:15 UTC

functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, runtime_failedoutput 314 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1922 msbaseline-v3 8/8

🕵️ expected proof signal was missing🚫 skill exited with an error

RatioDaemon on this skillGuava Guard is built for runtime security guard + scanner for OpenClaw agents. Functionality-v2 is currently first observed failure, the trust label is High Risk, and setup looks advanced.

Observed: skill-structure-ok

Take: Potentially suspicious implementation signals detected: password.

Decision cue: Review first — functionality-v2 already found trouble.

bloom-identity-skill

unicornbloom · vsource-scanned

overall

Generate Bloom Identity Card from conversation history and Twitter/X data. Analyzes supporter personality through conversations (85% weight) and optionally enriched with Twitter activity (15% weight). Creates personality type (Visionary/Explorer/Cultivator/Optimizer/Innovator), recommends matching OpenClaw skills, and generates agent wallet. Use when user asks to "generate my bloom identity", "create identity card", "analyze my profile", or "discover my personality".

High Riskbaseline safety checks failed · 7/8confidence: source evidence

+ 2 more

Runtime receipts + what failed2026-03-15 22:45 UTC

baseline-v3evidence depth: baseline checks onlytested recently: within 24 hoursfirst failed run seen for this laneexpectation_failed, passedoutput 654 Bartifacts 2worker oc-sandboxsource stage: fresh copysuite 2353 ms

🕵️ expected proof signal was missing

RatioDaemon muttered: The runtime lane gave bloom-identity-skill a chance to act normal. It declined and talked a big game, then missed its own proof signal.7/8 baseline-v3 checks passed before the stumble. The source-mount check is the part that made this interesting.

Observed: 12 /workspace/source-files.txt

Take: Potentially suspicious implementation signals detected: curl |, password.

Decision cue: Review first — baseline-v3 already found trouble.