repo-analyzer
don-gbot · vsource-scanned
>
High Riskfollow-on functionality checks passed · 8/8confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 23:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 151 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2505 msbaseline-v3 8/8
RatioDaemon muttered: repo-analyzer cleared baseline-v3 without trying anything cute.8/8 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
skill-bomb-dog-sniff
lvcidpsyche · vsource-scanned
|
High Riskfollow-on functionality checks passed · 9/9confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 09:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 169 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2950 msbaseline-v3 8/8
RatioDaemon on this skillSkill Bomb Dog Sniff sits in the bomb dog sniff lane. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: eval(, curl |, password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
tokenqrusher
qsmtco · vsource-scanned
Token optimization system for OpenClaw reducing costs 50-80%
Use Cautionfollow-on functionality checks passed · 8/8confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 07:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 133 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2927 msbaseline-v3 8/8
RatioDaemon on this skillTokenqrusher sits in the token optimization system for OpenClaw reducing costs 50-80% lane. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
discogs-cli
jrojas537 · vsource-scanned
An OpenClaw skill to manage a user's vinyl record collection on Discogs.
Use Cautionfollow-on functionality checks passed · 8/8confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 12:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 152 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2493 msbaseline-v3 8/8
RatioDaemon on this skillDiscogs Cli is built for openClaw skill to manage a user's vinyl record collection on Discogs. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo .
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
rhandus-backup-recovery
rhanxerox · vsource-scanned
Backup & Recovery Automation for OpenClaw using rClone. Daily backups to Google Drive with 20-day rotation.
High Riskfollow-on functionality checks passed · 10/10confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 22:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 184 Bartifacts 2worker oc-sandboxsource stage: cache hitsuite 3142 msbaseline-v3 8/8
RatioDaemon muttered: rhandus-backup-recovery cleared baseline-v3 without trying anything cute.10/10 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo .
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
rhandus-alerting-system
rhanxerox · vsource-scanned
Centralized alerting and notification system for OpenClaw. Multi-channel alerts, intelligent rules, escalation, and audit.
High Riskfollow-on functionality checks passed · 11/11confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 01:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassed, handled_fake_credentials_cleanlyoutput 209 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 3463 msbaseline-v3 8/8
RatioDaemon muttered: rhandus-alerting-system behaved itself under runtime pressure.11/11 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
benlee-skillguard
benlee2144 · vsource-scanned
Security scanner that audits OpenClaw skills for malicious code, prompt injection, supply chain attacks, data exfiltration, and more
High Riskfollow-on functionality checks failed · 6/7confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 20:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, expectation_failedoutput 99 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2450 msbaseline-v3 8/8
🕵️ expected proof signal was missing
RatioDaemon muttered: benlee-skillguard talked a big game, then missed its own proof signal.6/7 functionality-v2 checks passed before the stumble. The requirements txt shape is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: eval(, password.
Decision cue: Review first — functionality-v2 already found trouble.
bloom-taste-finder
unicornbloom · vsource-scanned
Bloom Taste Finder — discover your builder taste across 4 spectrums and get a personalized tool stack. For indie devs, vibe coders, and AI builders.
High Riskbaseline safety checks failed · 7/8confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 20:00 UTC
baseline-v3evidence depth: baseline checks onlytested recently: within 24 hoursfirst failed run seen for this laneexpectation_failed, passedoutput 654 Bartifacts 2worker oc-sandboxsource stage: fresh copysuite 2299 ms
🕵️ expected proof signal was missing
RatioDaemon muttered: bloom-taste-finder talked a big game, then missed its own proof signal, which is not ideal for a skill asking to be trusted.7/8 baseline-v3 checks passed before the stumble. The source-mount check is the part that made this interesting.
Observed: 12 /workspace/source-files.txt
Take: Potentially suspicious implementation signals detected: curl |, password.
Decision cue: Review first — baseline-v3 already found trouble.
crypto-genie
princedoss77 · vsource-scanned
AI-powered cryptocurrency safety assistant with database-first architecture. Protects users from phishing, honeypots, rug pulls, and ponzi schemes. No external API calls during checks!
High Riskfollow-on functionality checks failed · 9/11confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 20:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, expectation_failed, runtime_failedoutput 171 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 4203 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon muttered: crypto-genie talked a big game, then missed its own proof signal.9/11 functionality-v2 checks passed before the stumble. The requirements txt shape is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Review first — functionality-v2 already found trouble.
crypto-address-checker
princedoss77 · vsource-scanned
Real-time cryptocurrency scam detection with database-first architecture. Protects users from phishing, honeypots, rug pulls, and ponzi schemes. No external API calls during checks!
High Riskfollow-on functionality checks failed · 9/11confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 23:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, expectation_failed, runtime_failedoutput 171 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 4221 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon muttered: crypto-address-checker talked a big game, then missed its own proof signal.9/11 functionality-v2 checks passed before the stumble. The requirements txt shape is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Review first — functionality-v2 already found trouble.
crypto-scam-detector
princedoss77 · vsource-scanned
Real-time cryptocurrency scam detection with database-first architecture. Protects users from phishing, honeypots, rug pulls, and ponzi schemes. No external API calls during checks!
High Riskfollow-on functionality checks failed · 9/12confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-16 01:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, expectation_failed, runtime_failed, crashed_with_fake_credentialsoutput 171 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 5112 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon muttered: The runtime lane gave crypto-scam-detector a chance to act normal. It declined and talked a big game, then missed its own proof signal.9/12 functionality-v2 checks passed before the stumble. The requirements txt shape is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Review first — functionality-v2 already found trouble.
security-operator
kevjade · vsource-scanned
Runtime security guardrails for OpenClaw agents. Protects against prompt injection, excessive agency, cost runaway, credential leaks, and cascade effects. Includes a setup wizard and periodic audits.
High Riskfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 02:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 98 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1967 msbaseline-v3 8/8
RatioDaemon muttered: security-operator looked ordinary in the good, boring way.6/6 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
skillfence
deeqyaqub1-cmd · vsource-scanned
Runtime security monitor for OpenClaw skills. Watches what your installed skills actually DO — network calls, file access, credential reads, process activity. Not a scanner. A watchdog.
High Riskfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 04:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 97 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1946 msbaseline-v3 8/8
RatioDaemon muttered: skillfence behaved itself under runtime pressure.6/6 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: eval(, password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
botpress-adk
yueranlu · vsource-scanned
A guide to build AI bots with Botpress's Agent Development Kit (ADK)
Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 01:50 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1623 msbaseline-v3 8/8
RatioDaemon muttered: botpress-adk behaved itself under runtime pressure.5/5 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Source-aware scan found higher-privilege capability areas (token, whatsapp, email), but that alone is not evidence of malicious behavior.
Decision cue: Decent evidence base — source-level signals are available, so inspect the receipts.
claude-code-mastery
cheenu1092-oss · vsource-scanned
Master Claude Code for coding tasks. Includes setup scripts, dev team subagents (starter pack or full team), self-improving learning system, diagnostics, and troubleshooting.
High Riskfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 21:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 99 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1968 msbaseline-v3 8/8
RatioDaemon muttered: claude-code-mastery behaved itself under runtime pressure.6/6 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf, sudo .
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
minduploadedcrab-skillguard
minduploadedcrab · vsource-scanned
Security scanner for OpenClaw skills. Scans skills for malware, credential theft, data exfiltration, prompt injection, and permission overreach before installation. Run: python3 scripts/skillguard.py scan <skill-directory>
High Riskfollow-on functionality checks passed · 8/8confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 03:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassed, handled_fake_credentials_cleanlyoutput 143 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 3116 msbaseline-v3 8/8
RatioDaemon muttered: minduploadedcrab-skillguard behaved itself under runtime pressure.8/8 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: eval(.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
janitor
sarthib7 · vsource-scanned
**Janitor** is an intelligent cleanup and session management skill for OpenClaw AI agents. It automatically manages cache, optimizes memory usage, and **prevents context overflow** by monitoring token usage and intelligently pruning old sessions.
High Riskfollow-on functionality checks failed · 8/9confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 01:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 daysfirst failed run seen for this lanepassed, runtime_failedoutput 427 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 3026 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon muttered: janitor made it to runtime and then fell apart on contact.8/9 functionality-v2 checks passed before the stumble. The node help is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf, sudo .
Decision cue: Review first — functionality-v2 already found trouble.
guava-guard
koatora20 · vsource-scanned
Runtime security guard + scanner for OpenClaw agents. Part of the guard-scanner ecosystem. Detects reverse shells, credential theft, and sandbox escapes in real-time. For full static scanning with 150+ patterns, install guard-scanner.
High Riskfollow-on functionality checks failed · 5/6confidence: source evidence+ 2 more
Runtime receipts + what failed2026-03-15 09:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, runtime_failedoutput 314 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1922 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon on this skillGuava Guard is built for runtime security guard + scanner for OpenClaw agents. Functionality-v2 is currently first observed failure, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Review first — functionality-v2 already found trouble.
skill-father
moodykong · vsource-scanned
Authoritative skill-creation standards (Boss). Use when creating or updating OpenClaw skills so they are portable, reproducible, include prerequisites checks, and have a guided installation/onboarding flow that persists machine-specific config in skill-local config files.
Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 07:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1655 msbaseline-v3 8/8
RatioDaemon on this skillSkill Father looks aimed at authoritative skill-creation standards (Boss). Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
listing-swarm
heyw00d · vsource-scanned
Submit your AI product to 70+ AI directories. Agent automates form filling, captcha solving (BYOK 2captcha), and email verification (BYOK IMAP). Save 10+ hours of manual submissions. User provides their own API keys - no credentials stored in skill.
High Riskfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 01:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 97 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1945 msbaseline-v3 8/8
RatioDaemon muttered: listing-swarm behaved itself under runtime pressure.6/6 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: eval(, password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
secretcodex
akhmittra · vsource-scanned
Generate creative code names and encode/decode secret messages using classic and sophisticated ciphers. Blends nostalgic decoder ring fun with modern cryptographic techniques. Includes Caesar, Vigenère, Polybius, Rail Fence, and hybrid methods. Provides keys for secure message sharing between trusted parties.
Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 04:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1618 msbaseline-v3 8/8
RatioDaemon on this skillSecretcodex is trying to handle secretcodex. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
issue-prioritizer
glucksberg · vsource-scanned
Prioritize GitHub issues by ROI, solution sanity, and architectural impact. Use when triaging or ranking issues to identify quick wins, over-engineered proposals, and actionable bugs. Don't use when managing forks (use fork-manager) or general GitHub queries (use github). Read-only — never modifies repositories.
Use Cautionfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 10:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1974 msbaseline-v3 8/8
RatioDaemon muttered: issue-prioritizer cleared baseline-v3 without trying anything cute.6/6 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
email-migration-toolkit
luigi08001 · vsource-scanned
Universal email migration toolkit for any provider to any provider. Use when migrating between Yahoo, Zoho, ProtonMail, iCloud, on-premises Exchange, or any IMAP-capable email service. Covers decision trees, backup/export procedures, IMAP connectivity testing, troubleshooting, and provider-specific configurations. Essential for IT professionals handling diverse email migrations beyond Google/Microsoft ecosystems.
High Riskfollow-on functionality checks passed · 7/7confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 08:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 116 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2786 msbaseline-v3 8/8
RatioDaemon muttered: email-migration-toolkit cleared baseline-v3 without trying anything cute.7/7 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
email-importance-content-analysis
shingo0620 · vsource-scanned
Judge whether an email is important/urgent using content-based analysis rather than sender name or mailbox labels (which can be spoofed). Use when asked to triage emails, decide priority, detect phishing/social-engineering, or recommend next actions (reply/pay/login/download/click) based on what the message asks the user to do.
High Riskbaseline safety checks passed · 8/8confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 05:15 UTC
baseline-v3evidence depth: baseline checks onlytested recently: within 24 hourspassed, handled_fake_credentials_cleanlyoutput 266 Bartifacts 2worker oc-sandboxsource stage: fresh copysuite 2401 ms
RatioDaemon muttered: email-importance-content-analysis cleared baseline-v3 without trying anything cute.8/8 baseline-v3 checks passed. Pleasantly boring.
Observed: 3 /workspace/source-files.txt
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.