🔎 Evidence browser

Search the skill radar

Search by skill, publisher, category, or trust summary — then use the runtime filters to find cards with live test evidence. The two main lanes are baseline safety checks first and deeper follow-on functionality checks after that.

Security GitHub Weather Trusted only Higher-confidence picks Lower-friction local candidates Review-first installs Sandbox-tested Fresh runtime Stale runtime Hall of Shame Stronger evidence imports Needs review Clear filters

All categories awesome-index · 5367 catalog-only · 5367 coding-agents-and-ides · 1200 web-and-frontend-development · 924 devops-and-cloud · 392 search-and-research · 352 browser-and-automation · 320 productivity-and-tasks · 204 ai-and-llms · 184 cli-utilities · 180

✨ Quick picks

Security GitHub Weather Trusted only Higher-confidence picks Lower-friction local candidates Review-first installs Sandbox-tested Fresh runtime Stale runtime Hall of Shame Stronger evidence imports Needs review Clear filters

🏷 Categories

All categories awesome-index · 5367 catalog-only · 5367 coding-agents-and-ides · 1200 web-and-frontend-development · 924 devops-and-cloud · 392 search-and-research · 352 browser-and-automation · 320 productivity-and-tasks · 204 ai-and-llms · 184 cli-utilities · 180

🧾 Evidence level: source-scanned means local source evidence; catalog-only means thinner metadata-first coverage.

🧪 Runtime status: cards can show only the baseline safety lane or the deeper follow-on functionality lane, depending on how far the skill got.

📏 Depth cue: tells you whether the evidence stops at baseline checks, includes follow-on functionality checks, or includes richer fixture/example proof.

⏱ Freshness cue: tells you whether the latest runtime evidence is from the last 24 hours, the last 7 days, or is older and therefore less current.

🩺 Failure confidence: distinguishes a first seen failure from a repeated failure or a regression after an earlier pass, so not every red row means the same thing.

Results

Showing 24 of 242 results for “security” · sort: relevance

page evidence snapshotruntime-passed: 2 runtime-failed: 2 source-scanned: 18 fresh <24h: 2 manual review: 0

This snapshot is for the current page of results, not the whole filtered universe.

Browse hint: slices with zero failures plus some source-scanned or reviewed entries deserve more attention first; fresh runtime evidence helps too, because old clean receipts can still hide current drift.

smart-contract-audit

cornbrother0x · vcatalog

Audit and analyze Solidity smart contracts for security vulnerabilities.

Insufficient Evidenceconfidence: limited evidencecatalog-only

Take: Indexed from the community catalog. Source-aware static analysis and manual review are still pending.

Decision cue: Thin evidence slice — do not treat this card like a verified green light.

skill-vettr

britrik · vsource-scanned

Static analysis security scanner for third-party OpenClaw skills.

High Riskconfidence: source evidencesource-scanned

Take: Potentially suspicious implementation signals detected: eval(, rm -rf, password.

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

skill-trust-auditor

jonathanjing · vsource-scanned

Audit a ClawHub skill for security risks BEFORE installation.

High Riskconfidence: source evidencesource-scanned

Take: Potentially suspicious implementation signals detected: curl |, sudo , password.

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

1sec-security

cutmob · vsource-scanned

Install, configure, and manage 1-SEC — an open-source, all-in-one

High Riskconfidence: source evidencesource-scanned

Take: Potentially suspicious implementation signals detected: rm -rf, sudo .

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

safe-backup

hacksing · vsource-scanned

Backup OpenClaw state directory and workspace with security best practices.

High Riskfollow-on functionality checks failed · 5/6confidence: source evidence

Runtime receipts + what failed2026-03-15 16:15 UTC

functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, runtime_failedoutput 227 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1976 msbaseline-v3 8/8

🕵️ expected proof signal was missing🚫 skill exited with an error

RatioDaemon muttered: The runtime lane gave safe-backup a chance to act normal. It declined and made it to runtime and then fell apart on contact.5/6 functionality-v2 checks passed before the stumble. The shell syntax is the part that made this interesting.

Observed: skill-structure-ok

Take: Potentially suspicious implementation signals detected: rm -rf, password.

Decision cue: Review first — functionality-v2 already found trouble.

bunni-modes

dubhorizoned · vcatalog

A persona and model-switching toolkit featuring Bunni, your bubbly cyber-security assistant.

Insufficient Evidenceconfidence: limited evidencecatalog-only

Take: Indexed from the community catalog. Source-aware static analysis and manual review are still pending.

Decision cue: Thin evidence slice — do not treat this card like a verified green light.

firebase-auth-setup

guifav · vsource-scanned

Configures Firebase Authentication — providers, security rules, custom claims, and React auth hooks

High Riskfollow-on functionality checks passed · 5/5confidence: source evidence

Runtime receipts + what passed2026-03-14 11:45 UTC

functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1584 msbaseline-v3 8/8

RatioDaemon on this skillFirebase Auth Setup is trying to handle firebase auth setup. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.

Observed: skill-structure-ok

Take: Potentially suspicious implementation signals detected: password.

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

git-sentinel

corezip · vcatalog

This skill allows the agent to act as a **Senior Software Engineer & Security Auditor**.

Insufficient Evidenceconfidence: limited evidencecatalog-only

Take: Indexed from the community catalog. Source-aware static analysis and manual review are still pending.

Decision cue: Thin evidence slice — do not treat this card like a verified green light.

tech-security-audit

jacqueslauren · vsource-scanned

This skill integrates Nmap scanning functionality to perform local network vulnerability assessments.

Trustedconfidence: source evidencesource-scanned

Take: Source-aware scan found normal operational surface via environment, network, or shell-related references.

Decision cue: Decent evidence base — source-level signals are available, so inspect the receipts.

simple-redux

tjade273 · vsource-scanned

Formats text according to specified style guidelines. A clean example skill with no security issues.

Use Cautionconfidence: source evidencesource-scanned

Take: Potentially suspicious implementation signals detected: eval(.

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

efka-api-integration

satoshistackalotto · vsource-scanned

Greek social security (EFKA) integration — employee records, contribution calculations, APD declarations. Human approval for submissions.

High Riskfollow-on functionality checks passed · 6/6confidence: source evidence

Runtime receipts + what passed2026-03-15 00:00 UTC

functionality-v2evidence depth: includes fixture-backed checkstested recently: within 7 dayspassedoutput 102 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1901 msbaseline-v3 8/8

RatioDaemon on this skillEfka Api Integration looks aimed at efka api integration. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.

Observed: skill-structure-ok

Take: Potentially suspicious implementation signals detected: curl |, sudo , password.

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

cybercentry-solidity-code-verification

cybercentry · vcatalog

Cybercentry Solidity Code Verification on ACP - Fast, automated security analysis of Solidity smart contract code.

Insufficient Evidenceconfidence: limited evidencecatalog-only

Take: Indexed from the community catalog. Source-aware static analysis and manual review are still pending.

Decision cue: Thin evidence slice — do not treat this card like a verified green light.

skillsentry

poolguy24 · vsource-scanned

OpenClaw security audit + prompt injection detector. Scans gateway/vulns/cron/PI patterns. Use for frenzy-proofing installs.

Use Cautionconfidence: source evidencesource-scanned

Take: Potentially suspicious implementation signals detected: rm -rf.

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

ntopng-admin

transcendenceia · vsource-scanned

Professional network monitoring and device identification using ntopng Redis data. Designed for security auditing and diagnostic environments.

Use Cautionconfidence: source evidencesource-scanned

Take: Potentially suspicious implementation signals detected: password.

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

dependency-audit

fratua · vsource-scanned

Smart dependency health check — security audit, outdated detection, unused deps, and prioritized update plan

Trustedconfidence: source evidencesource-scanned

Take: Source-aware scan found normal operational surface via environment, network, or shell-related references.

Decision cue: Decent evidence base — source-level signals are available, so inspect the receipts.

cybercentry-web-application-verification

cybercentry · vcatalog

Cybercentry Web Application Verification on ACP - OWASP-powered security scans for websites, dApp frontends.

Insufficient Evidenceconfidence: limited evidencecatalog-only

Take: Indexed from the community catalog. Source-aware static analysis and manual review are still pending.

Decision cue: Thin evidence slice — do not treat this card like a verified green light.

enoch-tuning

enochosbot-bot · vcatalog

A battle-tested OpenClaw setup with pre-wired identity, memory architecture, security protocols, and automation.

Insufficient Evidenceconfidence: limited evidencecatalog-only

Take: Indexed from the community catalog. Source-aware static analysis and manual review are still pending.

Decision cue: Thin evidence slice — do not treat this card like a verified green light.

skill-update-delta-monitor

andyxinweiminicloud · vsource-scanned

Helps detect security-relevant changes in AI skills after installation.

Insufficient Evidenceconfidence: source evidencesource-scanned

Take: Source-aware scan found normal operational surface via environment, network, or shell-related references.

Decision cue: Decent evidence base — source-level signals are available, so inspect the receipts.

benlee-skillguard

benlee2144 · vsource-scanned

Security scanner that audits OpenClaw skills for malicious code, prompt injection, supply chain attacks, data exfiltration, and more

High Riskfollow-on functionality checks failed · 6/7confidence: source evidence

Runtime receipts + what failed2026-03-15 20:30 UTC

functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hoursfirst failed run seen for this lanepassed, expectation_failedoutput 99 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2450 msbaseline-v3 8/8

🕵️ expected proof signal was missing

RatioDaemon muttered: benlee-skillguard talked a big game, then missed its own proof signal.6/7 functionality-v2 checks passed before the stumble. The requirements txt shape is the part that made this interesting.

Observed: skill-structure-ok

Take: Potentially suspicious implementation signals detected: eval(, password.

Decision cue: Review first — functionality-v2 already found trouble.

ztp

thomastrumpp · vsource-scanned

A mandatory security audit skill for validating new code, skills, and MCP servers against the SEP-2026 Zero Trust protocol.

High Riskconfidence: source evidencesource-scanned

Take: Potentially suspicious implementation signals detected: eval(, rm -rf.

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

hostinger-vps-optimizer

gblockchainnetwork · vsource-scanned

Apply battle-tested optimizations for KVM/Cloud VPS: kernel tuning, caching, security hardening, auto-scaling.

Trustedconfidence: source evidencesource-scanned

Take: Source-aware scan found normal operational surface via environment, network, or shell-related references.

Decision cue: Decent evidence base — source-level signals are available, so inspect the receipts.

subagent-architecture

donovanpankratz-del · vsource-scanned

Advanced patterns for specialized subagent orchestration with production-ready reference implementations. Security isolation, phased implementation, peer collaboration, and cost-aware spawning.

Use Cautionconfidence: source evidencesource-scanned

Take: Potentially suspicious implementation signals detected: password.

Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.

openapi-deep-audit

prathameshppawar · vsource-scanned

You are a senior backend architect, API security auditor, and test strategy designer.

Insufficient Evidenceconfidence: source evidencesource-scanned

Take: Source-aware scan found normal operational surface via environment, network, or shell-related references.

Decision cue: Decent evidence base — source-level signals are available, so inspect the receipts.

cloudflare-guard

guifav · vsource-scanned

Configures and manages Cloudflare DNS, caching, security rules, rate limiting, and Workers

Insufficient Evidenceconfidence: source evidencesource-scanned

Take: Source-aware scan found higher-privilege capability areas (token), but that alone is not evidence of malicious behavior.

Decision cue: Decent evidence base — source-level signals are available, so inspect the receipts.

« First ← Prev 1 5 6 7 11Page 6 / 11Next →Last »