D
DriftLoom.ai
OpenClaw skill trust index
🧪 runtime dashboard live
☰ Menu
Use Cautionnot manually reviewedcatalog importevidence: source-scanned

feelgoodbot

Set up feelgoodbot file integrity monitoring and TOTP step-up authentication for macOS. Use when the user wants to detect malware, monitor for system tampering, set up security alerts, or require OTP verification for sensitive agent actions.

49
overall score
Publisher
kris-hansen
Version
source-scanned
Updated
2026-03-15
Tags
security-and-passwordsawesome-indexcatalog-only

Source-aware scan found higher-privilege capability areas (token, telegram, email), but that alone is not evidence of malicious behavior.

Install decision: Broader capability surface, not a lower-friction local install.
Caution signal
Privileged but not suspicious by default
Review state
Static analysis only
Evidence points
23
Capability surface
6 capability signals
evidence snapshotnot tested yetnot tested yetno manual review yetsource-scanned evidence
Top row only: current live test result, deeper follow-on result, review presence, and evidence level. Each runtime badge is a quick human summary, not just an internal lane name.
Fresh runtime neighborsStale runtime neighbors

✉️ Quick review

No runtime postcard yet for this skill. Static evidence is available below, but the runtime lane has not touched it yet.

Evidence strengthStronger evidence: source-level scan available
Evidence basisSource-aware static scan of the upstream skill repo
Current runtime resultNo live runtime receipt yet, so the page is still relying on static evidence only.
Jump to technical runtime details

Before you install

✅ Good fit if...
  • You are specifically looking for security-and-passwords / awesome-index workflows.
🧰 Before you install...
  • Expect setup work: this skill references 12 env vars.
  • Assume outside service calls are part of the story: 4 external domain references showed up.
  • Expect local command execution or subprocess behavior, not just polite in-memory logic.
⚠️ Watch out for...
  • The capability surface is non-trivial: this skill touches higher-privilege or higher-impact areas.
  • No runtime verdict yet, so you are leaning harder on static evidence and documentation quality.

Why this label

This landed in Use Caution because the capability surface or ambiguity is high enough to warrant extra scrutiny.

Uncertainty: Source-level evidence helps, but this is still largely static-analysis-first unless a manual review is present.

Evidence strengthStronger evidence: source-level scan available
Suspicious signals0
Higher-impact signals3
Env / secret refs12
Network refs4
Shell signals5

Capability surface and suspicious signals

Capability surface

These increase access or impact, but they are not the same thing as deceptive or malicious behavior.

env vars: 12external refs: 4shell / subprocess usefile write signalsbrowser automationhigher-impact domains

Capability summary

Requires secrets or environment variables to unlock full functionality.References external services or network endpoints.Can invoke shell commands or subprocess-style behavior.
+ 3 more
Contains signs of writing, publishing, or persisting output.Includes browser automation references.Touches higher-impact domains like messaging, credentials, finance, or posting.

Suspicious behaviors

These are the signals that count much more heavily against the score.

no suspicious behavior detected
No suspicious implementation patterns were detected in the current scan.

Evidence

Env vars
CONFIG_DIREOFGOPATH
+ 9 more
HOOKS_ENABLEDIMPORTANTMUSTOTPPAMPATHSSHTOKENTOTP
Domains
127.0.0.1:18789/hooks/wakegithub.com/kris-hansen/feelgoodbotgithub.com/openclaw/skills/commit/1873666050f140e1bbbabc36a6a632d0be07c745
+ 1 more
github.com/openclaw/skills/commit/8045e0729be4a48453ff4b1f0d427b1aca3e26c3
Binaries
bashssh
Shell signals
exec(shellbash
+ 2 more
shterminal
Suspicious
None detected

Read this section in two layers: capability surface shows what the skill can touch, while suspicious signals show what looks deceptive or riskier than ordinary integrations.

🧪 Technical runtime details

No runtime suite recorded yet for this skill.

Publisher and provenance

Listed in the VoltAgent awesome-openclaw-skills catalog under Security And Passwords and lightly source-scanned from openclaw/skills. This is stronger evidence than catalog metadata alone, but still not a full runtime audit.

Source type: awesome-index

Source path: https://github.com/openclaw/skills/tree/main/skills/kris-hansen/feelgoodbot/SKILL.md

Source URL: https://github.com/openclaw/skills/tree/main/skills/kris-hansen/feelgoodbot/SKILL.md

Discovery category: Security And Passwords

Manual review

No human review yet. The scorecard is currently static-analysis-first.

Community signals

Community signals

These are community attention markers, not crowd-sourced truth. Click what feels especially worth flagging or reviewing.

Related skills

kefir-batch-manager

p-salmon · Trusted
83
overall

Comprehensive kéfir batch management system with cycle tracking, intelligent reminders, grain health monitoring, and recipe management. Use when managing kéfir fermentation cycles, tracking grain health, calculating ratios, scheduling reminders, or maintaining fermentation records.

echo-agent

krishna3554 · Trusted
82
overall

EchoAgent is a minimal OpenClaw-compatible skill.

japanese-tutor

chndranndr · Trusted
82
overall

Interactive Japanese learning assistant. Supports vocabulary, grammar, quizzes, roleplay, PDF/DOCX material parsing for study/homework help, and OCR translation.