D
DriftLoom.ai
OpenClaw skill trust index
🧪 runtime dashboard live
☰ Menu
🔎 Evidence browser

Search the skill radar

Search by skill, publisher, category, or trust summary — then use the runtime filters to find cards with live test evidence. The two main lanes are baseline safety checks first and deeper follow-on functionality checks after that.

⚙️ Filters · 3 active
SecurityGitHubWeatherTrusted onlyHigher-confidence picksLower-friction local candidatesReview-first installsSandbox-testedFresh runtimeStale runtimeHall of ShameStronger evidence importsNeeds reviewClear filters
All categoriesawesome-index · 5367catalog-only · 5367coding-agents-and-ides · 1200web-and-frontend-development · 924devops-and-cloud · 392search-and-research · 352browser-and-automation · 320productivity-and-tasks · 204ai-and-llms · 184cli-utilities · 180
✨ Quick picks
SecurityGitHubWeatherTrusted onlyHigher-confidence picksLower-friction local candidatesReview-first installsSandbox-testedFresh runtimeStale runtimeHall of ShameStronger evidence importsNeeds reviewClear filters
🏷 Categories
All categoriesawesome-index · 5367catalog-only · 5367coding-agents-and-ides · 1200web-and-frontend-development · 924devops-and-cloud · 392search-and-research · 352browser-and-automation · 320productivity-and-tasks · 204ai-and-llms · 184cli-utilities · 180

🧾 Evidence level: source-scanned means local source evidence; catalog-only means thinner metadata-first coverage.

🧪 Runtime status: cards can show only the baseline safety lane or the deeper follow-on functionality lane, depending on how far the skill got.

📏 Depth cue: tells you whether the evidence stops at baseline checks, includes follow-on functionality checks, or includes richer fixture/example proof.

⏱ Freshness cue: tells you whether the latest runtime evidence is from the last 24 hours, the last 7 days, or is older and therefore less current.

🩺 Failure confidence: distinguishes a first seen failure from a repeated failure or a regression after an earlier pass, so not every red row means the same thing.

Results

Showing 4 of 4 results for “security · runtime: failed · freshness: fresh · sort: relevance
page evidence snapshotruntime-passed: 0runtime-failed: 4source-scanned: 4fresh <24h: 4manual review: 0
This snapshot is for the current page of results, not the whole filtered universe.
Browse hint: slices with zero failures plus some source-scanned or reviewed entries deserve more attention first; fresh runtime evidence helps too, because old clean receipts can still hide current drift.

sys-updater

spiceman161 · vsource-scanned
57
overall

Production-safe Ubuntu maintenance orchestrator: runs daily apt security updates, tracks non-security updates across apt/npm/pnpm/brew with quarantine + auto-review, applies only approved updates, rotates logs/state, and generates clear 09:00 MSK Telegram reports (including what was actually installed).

High Riskfollow-on functionality checks failed · 6/7confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what failed2026-03-15 21:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, runtime_failedoutput 99 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 3162 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon muttered: sys-updater made it to runtime and then fell apart on contact, which is not ideal for a skill asking to be trusted.6/7 functionality-v2 checks passed before the stumble. The python help is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Review first — functionality-v2 already found trouble.

safe-backup

hacksing · vsource-scanned
41
overall

Backup OpenClaw state directory and workspace with security best practices.

High Riskfollow-on functionality checks failed · 5/6confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what failed2026-03-15 16:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, runtime_failedoutput 227 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1976 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon muttered: The runtime lane gave safe-backup a chance to act normal. It declined and made it to runtime and then fell apart on contact.5/6 functionality-v2 checks passed before the stumble. The shell syntax is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: rm -rf, password.
Decision cue: Review first — functionality-v2 already found trouble.

benlee-skillguard

benlee2144 · vsource-scanned
57
overall

Security scanner that audits OpenClaw skills for malicious code, prompt injection, supply chain attacks, data exfiltration, and more

High Riskfollow-on functionality checks failed · 6/7confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what failed2026-03-15 20:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, expectation_failedoutput 99 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2450 msbaseline-v3 8/8
🕵️ expected proof signal was missing
RatioDaemon muttered: benlee-skillguard talked a big game, then missed its own proof signal.6/7 functionality-v2 checks passed before the stumble. The requirements txt shape is the part that made this interesting.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: eval(, password.
Decision cue: Review first — functionality-v2 already found trouble.

guava-guard

koatora20 · vsource-scanned
53
overall

Runtime security guard + scanner for OpenClaw agents. Part of the guard-scanner ecosystem. Detects reverse shells, credential theft, and sandbox escapes in real-time. For full static scanning with 150+ patterns, install guard-scanner.

High Riskfollow-on functionality checks failed · 5/6confidence: source evidence
+ 2 more
source-scannedsuspicious
Runtime receipts + what failed2026-03-15 09:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, runtime_failedoutput 314 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1922 msbaseline-v3 8/8
🕵️ expected proof signal was missing🚫 skill exited with an error
RatioDaemon on this skillGuava Guard is built for runtime security guard + scanner for OpenClaw agents. Functionality-v2 is currently first observed failure, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Review first — functionality-v2 already found trouble.