bug-audit
abczsl520 · vsource-scanned
Comprehensive bug audit for Node.js web projects. Activate when user asks to audit, review, check bugs, find vulnerabilities, or do security/quality review on a project. Works by dissecting the project's actual code to build project-specific check matrices, then exhaustively verifying each item — not by running a generic checklist. Supports games, data tools, WeChat apps, API services, bots, and dashboards.
High Riskfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 06:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1710 msbaseline-v3 8/8
RatioDaemon muttered: bug-audit behaved itself under runtime pressure.5/5 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: eval(, password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
firebase-auth-setup
guifav · vsource-scanned
Configures Firebase Authentication — providers, security rules, custom claims, and React auth hooks
High Riskfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-14 11:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1584 msbaseline-v3 8/8
RatioDaemon on this skillFirebase Auth Setup is trying to handle firebase auth setup. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
google-docs-skill
zagran · vsource-scanned
Direct access to the Google Docs API using OAuth 2.0. Create documents, insert and format text, and manage document content.
Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 01:50 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1654 msbaseline-v3 8/8
RatioDaemon muttered: google-docs-skill looked ordinary in the good, boring way.5/5 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Source-aware scan found higher-privilege capability areas (token, oauth), but that alone is not evidence of malicious behavior.
Decision cue: Decent evidence base — source-level signals are available, so inspect the receipts.
secretcodex
akhmittra · vsource-scanned
Generate creative code names and encode/decode secret messages using classic and sophisticated ciphers. Blends nostalgic decoder ring fun with modern cryptographic techniques. Includes Caesar, Vigenère, Polybius, Rail Fence, and hybrid methods. Provides keys for secure message sharing between trusted parties.
Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 04:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1618 msbaseline-v3 8/8
RatioDaemon on this skillSecretcodex is trying to handle secretcodex. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
sovereign-codebase-onboarding
ryudi84 · vsource-scanned
Codebase onboarding assistant that maps project architecture, identifies patterns, generates guides, and helps new developers understand any repository in minutes instead of days.
High Riskfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 20:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1659 msbaseline-v3 8/8
RatioDaemon on this skillSovereign Codebase Onboarding is trying to handle sovereign codebase onboarding. Baseline-v3 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
sovereign-commit-craft
ryudi84 · vsource-scanned
Git commit message expert. Analyzes diffs to generate perfect conventional commits, changelogs, release notes, and PR descriptions. Enforces commit message best practices and conventional commits spec.
High Riskfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 22:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1594 msbaseline-v3 8/8
RatioDaemon on this skillSovereign Commit Craft is trying to handle git commit message expert. Baseline-v3 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
sovereign-test-generator
ryudi84 · vsource-scanned
Analyzes codebases and generates comprehensive test suites. Unit tests, integration tests, edge cases, mocking strategies. Supports JavaScript/TypeScript (Jest, Vitest), Python (pytest), Go, and Rust.
Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 07:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1686 msbaseline-v3 8/8
RatioDaemon on this skillSovereign Test Generator is trying to handle analyzes codebases and generates comprehensive test suites. Baseline-v3 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
conversational-ai-assistant
satoshistackalotto · vsource-scanned
Natural language interface for querying Greek accounting data. Ask questions in English, get answers from across all system skills.
Use Cautionfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-14 06:45 UTC
functionality-v2evidence depth: includes fixture-backed checkstested recently: within 7 dayspassedoutput 102 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1918 msbaseline-v3 8/8
RatioDaemon muttered: conversational-ai-assistant behaved itself under runtime pressure.6/6 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo .
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
greek-financial-statements
satoshistackalotto · vsource-scanned
Greek financial statement generation — P&L, balance sheets, VAT summaries with EGLS integration. Completeness gates prevent partial outputs.
Use Cautionfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-14 18:30 UTC
functionality-v2evidence depth: includes fixture-backed checkstested recently: within 7 dayspassedoutput 102 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1919 msbaseline-v3 8/8
RatioDaemon muttered: greek-financial-statements cleared baseline-v3 without trying anything cute.6/6 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo .
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
secure-auth-patterns
brandonwise · vsource-scanned
Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems.
High Riskfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-14 23:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1637 msbaseline-v3 8/8
RatioDaemon on this skillSecure Auth Patterns sits in the secure auth patterns lane. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
system-health-check
satoshistackalotto · vsource-scanned
System health validator — checks skill files, paths, permissions, binaries, backup freshness, and encryption. Produces pass/fail reports.
Use Cautionfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 14:15 UTC
functionality-v2evidence depth: includes fixture-backed checkstested recently: within 24 hourspassedoutput 102 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1929 msbaseline-v3 8/8
RatioDaemon on this skillSystem Health Check is built for system health check. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo .
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
system-integrity-and-backup
satoshistackalotto · vsource-scanned
Encrypted backups, integrity verification, and data retention enforcement for Greek legal requirements (5-20 year retention). AES-256.
Use Cautionfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 17:00 UTC
functionality-v2evidence depth: includes fixture-backed checkstested recently: within 24 hourspassedoutput 102 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1942 msbaseline-v3 8/8
RatioDaemon on this skillSystem Integrity And Backup sits in the self hosted and automation automation lane. Baseline-v3 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo .
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
bandwidth-income
mariusfit · vsource-scanned
Turn your unused internet bandwidth into passive crypto income. This skill helps you set up, monitor, and optimize bandwidth-sharing nodes across multiple networks.
High Riskfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-14 09:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 102 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1939 msbaseline-v3 8/8
RatioDaemon on this skillBandwidth Income is built for turn your unused internet bandwidth into passive crypto income. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
ctf-writeup-generator
akhmittra · vsource-scanned
Automatically generate professional CTF writeups from solving sessions with flag detection, challenge categorization, and proper markdown formatting
High Riskfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 06:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1700 msbaseline-v3 8/8
RatioDaemon on this skillCtf Writeup Generator looks aimed at ctf writeup generation. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo , password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
dub-links-api
ferminrp · vsource-scanned
>
Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 04:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1688 msbaseline-v3 8/8
RatioDaemon on this skillDub Links Api is built for dub links api. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
gcp-fullstack
guifav · vsource-scanned
Full-stack super agent for projects on Google Cloud Platform with GitHub and Cloudflare — covers scaffolding, compute, database, auth, deploy, CDN, and security
High Riskfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-14 14:30 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1619 msbaseline-v3 8/8
RatioDaemon on this skillGcp Fullstack is trying to handle gcp fullstack. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
greek-banking-integration
satoshistackalotto · vsource-scanned
Parses bank statements from all major Greek banks (Alpha, NBG, Eurobank, Piraeus). File-based CSV/Excel import with transaction reconciliation.
Use Cautionfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-14 10:00 UTC
functionality-v2evidence depth: includes fixture-backed checkstested recently: within 7 dayspassedoutput 102 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1915 msbaseline-v3 8/8
RatioDaemon muttered: greek-banking-integration cleared baseline-v3 without trying anything cute.6/6 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: sudo .
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
playwright-browser-automation
spiceman161 · vsource-scanned
Browser automation using Playwright API directly. Navigate websites, interact with elements, extract data, take screenshots, generate PDFs, record videos, and automate complex workflows. More reliable than MCP approach.
High Riskfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 07:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 99 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 2087 msbaseline-v3 8/8
RatioDaemon muttered: playwright-browser-automation cleared baseline-v3 without trying anything cute.6/6 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: eval(, sudo , password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
password-gen-pro
mkpareek0315 · vsource-scanned
When user asks to generate a password, create PIN, make passphrase, check password strength, generate API key, create secure token, manage password ideas, generate username, bulk passwords, or any password/security task. 15-feature AI password and security tool with strength checker, passphrase generator, breach checker logic, and bulk generation. All data stays local — NO external API calls, NO network requests, NO data sent to any server. Does NOT store actual passwords.
Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-14 12:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1682 msbaseline-v3 8/8
RatioDaemon on this skillPassword Gen Pro is built for password gen. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
api-security
brandonwise · vsource-scanned
Implement secure API design patterns including authentication, authorization, input validation, rate limiting, and protection against common API vulnerabilities.
High Riskfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 02:00 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1649 msbaseline-v3 8/8
RatioDaemon on this skillApi Security is built for api security. Functionality-v2 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
box-automation
sohamganatra · vsource-scanned
Automate Box cloud storage operations including file upload/download, search, folder management, sharing, collaborations, and metadata queries via Rube MCP (Composio). Always search tools first for current schemas.
Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 00:45 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1649 msbaseline-v3 8/8
RatioDaemon on this skillBox Automation looks aimed at box automation. Baseline-v3 currently passes, the trust label is High Risk, and setup looks advanced.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
clawdbot-security-check
thesethrose · vsource-scanned
Perform a comprehensive read-only security audit of Clawdbot's own configuration. This is a knowledge-based skill that teaches Clawdbot to identify hardening opportunities across the system. Use when user asks to "run security check", "audit clawdbot", "check security hardening", or "what vulnerabilities does my Clawdbot have". This skill uses Clawdbot's internal capabilities and file system access to inspect configuration, detect misconfigurations, and recommend remediations. It is designed to be extensible - new checks can be added by updating this skill's knowledge.
High Riskfollow-on functionality checks passed · 6/6confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 05:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 7 dayspassedoutput 102 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1888 msbaseline-v3 8/8
RatioDaemon muttered: clawdbot-security-check cleared baseline-v3 without trying anything cute.6/6 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: curl |, rm -rf.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
curl-http
arnarsson · vsource-scanned
Essential curl commands for HTTP requests, API testing, and file transfers.
Use Cautionfollow-on functionality checks passed · 5/5confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-15 12:15 UTC
functionality-v2evidence depth: follow-on functionality checkstested recently: within 24 hourspassedoutput 80 Bartifacts 0worker oc-sandboxsource stage: cache hitsuite 1694 msbaseline-v3 8/8
RatioDaemon muttered: curl-http behaved itself under runtime pressure.5/5 functionality-v2 checks passed. Pleasantly boring.
Observed: skill-structure-ok
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.
evolution-api
impa365 · vsource-scanned
openclaw:
High Riskbaseline safety checks passed · 8/8confidence: source evidence+ 2 more
Runtime receipts + what passed2026-03-16 07:45 UTC
baseline-v3evidence depth: baseline checks onlytested recently: within 24 hourspassed, handled_fake_credentials_cleanlyoutput 245 Bartifacts 2worker oc-sandboxsource stage: fresh copysuite 2388 ms
RatioDaemon muttered: evolution-api behaved itself under runtime pressure.8/8 baseline-v3 checks passed. Pleasantly boring.
Observed: 2 /workspace/source-files.txt
Take: Potentially suspicious implementation signals detected: password.
Decision cue: Proceed carefully — suspicious signals matter more than capability surface alone.