benlee-skillguard
benlee2144 · vsource-scanned
Security scanner that audits OpenClaw skills for malicious code, prompt injection, supply chain attacks, data exfiltration, and more
High Riskfollow-on functionality checks failed · 6/7confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 20:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, expectation_failedoutput 99 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2450 msbaseline-v3 8/8
🕵️ expected proof signal was missing
RatioDaemon muttered: benlee-skillguard talked a big game, then missed its own proof signal.6/7 functionality-v2 checks passed before the stumble. The requirements txt shape is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: eval(, password.
Decision cue: Review first — functionality-v2 already found trouble.
bloom-taste-finder
unicornbloom · vsource-scanned
Bloom Taste Finder — discover your builder taste across 4 spectrums and get a personalized tool stack. For indie devs, vibe coders, and AI builders.
High Riskbaseline safety checks failed · 7/8confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 20:00 UTC
baseline-v3evidence depth: baseline checks onlytested recently: within 24 hoursfirst failed run seen for this laneexpectation_failed, passedoutput 654 Bartifacts 2worker oc-sandboxsource stage: fresh copysuite 2299 ms
🕵️ expected proof signal was missing
RatioDaemon muttered: bloom-taste-finder talked a big game, then missed its own proof signal, which is not ideal for a skill asking to be trusted.7/8 baseline-v3 checks passed before the stumble. The source-mount check is the part that made this interesting.
Observed: 12 /workspace/source-files.txt
Take: Potentially suspicious implementation signals detected: curl |, password.
Decision cue: Review first — baseline-v3 already found trouble.
crypto-genie
princedoss77 · vsource-scanned
AI-powered cryptocurrency safety assistant with database-first architecture. Protects users from phishing, honeypots, rug pulls, and ponzi schemes. No external API calls during checks!
High Riskfollow-on functionality checks failed · 9/11confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 20:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, expectation_failed, runtime_failedoutput 171 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 4203 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon muttered: crypto-genie talked a big game, then missed its own proof signal.9/11 functionality-v2 checks passed before the stumble. The requirements txt shape is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Review first — functionality-v2 already found trouble.
crypto-address-checker
princedoss77 · vsource-scanned
Real-time cryptocurrency scam detection with database-first architecture. Protects users from phishing, honeypots, rug pulls, and ponzi schemes. No external API calls during checks!
High Riskfollow-on functionality checks failed · 9/11confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 23:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, expectation_failed, runtime_failedoutput 171 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 4221 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon muttered: crypto-address-checker talked a big game, then missed its own proof signal.9/11 functionality-v2 checks passed before the stumble. The requirements txt shape is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Review first — functionality-v2 already found trouble.
crypto-scam-detector
princedoss77 · vsource-scanned
Real-time cryptocurrency scam detection with database-first architecture. Protects users from phishing, honeypots, rug pulls, and ponzi schemes. No external API calls during checks!
High Riskfollow-on functionality checks failed · 9/12confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-16 01:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, expectation_failed, runtime_failed, crashed_with_fake_credentialsoutput 171 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 5112 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon muttered: The runtime lane gave crypto-scam-detector a chance to act normal. It declined and talked a big game, then missed its own proof signal.9/12 functionality-v2 checks passed before the stumble. The requirements txt shape is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Review first — functionality-v2 already found trouble.
janitor
sarthib7 · vsource-scanned
**Janitor** is an intelligent cleanup and session management skill for OpenClaw AI agents. It automatically manages cache, optimizes memory usage, and **prevents context overflow** by monitoring token usage and intelligently pruning old sessions.
High Riskfollow-on functionality checks failed · 8/9confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 01:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 daysfirst failed run seen for this lanepassed, runtime_failedoutput 427 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 3026 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon muttered: janitor made it to runtime and then fell apart on contact.8/9 functionality-v2 checks passed before the stumble. The node help is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf, sudo .
Decision cue: Review first — functionality-v2 already found trouble.
guava-guard
koatora20 · vsource-scanned
Runtime security guard + scanner for OpenClaw agents. Part of the guard-scanner ecosystem. Detects reverse shells, credential theft, and sandbox escapes in real-time. For full static scanning with 150+ patterns, install guard-scanner.
High Riskfollow-on functionality checks failed · 5/6confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 09:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, runtime_failedoutput 314 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1922 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon on this skillGuava Guard is built for runtime security guard + scanner for OpenClaw agents. Functionality-v2 is currently first observed failure, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Review first — functionality-v2 already found trouble.
bloom-identity-skill
unicornbloom · vsource-scanned
Generate Bloom Identity Card from conversation history and Twitter/X data. Analyzes supporter personality through conversations (85% weight) and optionally enriched with Twitter activity (15% weight). Creates personality type (Visionary/Explorer/Cultivator/Optimizer/Innovator), recommends matching OpenClaw skills, and generates agent wallet. Use when user asks to "generate my bloom identity", "create identity card", "analyze my profile", or "discover my personality".
High Riskbaseline safety checks failed · 7/8confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 22:45 UTC
baseline-v3evidence depth: baseline checks onlytested recently: within 24 hoursfirst failed run seen for this laneexpectation_failed, passedoutput 654 Bartifacts 2worker oc-sandboxsource stage: fresh copysuite 2353 ms
🕵️ expected proof signal was missing
RatioDaemon muttered: The runtime lane gave bloom-identity-skill a chance to act normal. It declined and talked a big game, then missed its own proof signal.7/8 baseline-v3 checks passed before the stumble. The source-mount check is the part that made this interesting.
Observed: 12 /workspace/source-files.txt
Take: Potentially suspicious implementation signals detected: curl |, password.
Decision cue: Review first — baseline-v3 already found trouble.