Higher means the install surface and source context are easier to review.
Security Dashboard
How we make skill installs safer
The security page keeps install provenance, review cues, risk distribution, and recently flagged skills in one dashboard instead of leaving you with a single low-score list.
The goal is not alarm. It is faster triage: which skills look safe to install now, and which ones should pause for human review.
Count of skills that deserve extra manual review.
The review stream helps identify which skills deserve a deeper audit.
Creator and security pages share the same aggregate view.
How we make skill installs safer
1
Public provenance first
Source repo, author, and install path should line up so the install path is never a black box.
Source repo, author, and install path should line up so the install path is never a black box.
2
Risk stays visible
Low scores, issue categories, and recently flagged entries stay visible instead of hiding deep in detail pages.
Low scores, issue categories, and recently flagged entries stay visible instead of hiding deep in detail pages.
3
Review priority is explicit
Skills that deserve a manual pass rise into the same review queue.
Skills that deserve a manual pass rise into the same review queue.
Exactly what we do to improve security
1
Normalize install guidance
Bring commands, platform tags, and repository cues onto the same surface.
Bring commands, platform tags, and repository cues onto the same surface.
2
Track issue categories
Aggregate missing provenance, injection-prone patterns, and structural risks into visible categories.
Aggregate missing provenance, injection-prone patterns, and structural risks into visible categories.
3
Keep the queue fresh
Recently flagged skills, low scores, and reviews all feed back into review priority.
Recently flagged skills, low scores, and reviews all feed back into review priority.
Safest install surfaces
receiving-code-review
@obra · Use when receiving code review feedback, before implementing suggestions, especially if feedback seems unclear or technically questionable...
Quality
100
Security
100
verification-before-completion
@obra · Use when about to claim work is complete, fixed, or passing, before committing or creating PRs - requires running verification commands and...
Quality
100
Security
100
finishing-a-development-branch
@obra · Use when implementation is complete, all tests pass, and you need to decide how to integrate the work - guides completion of development wo...
Quality
100
Security
100
frontend-slides
@affaan-m · Create stunning, animation-rich HTML presentations from scratch or by converting PowerPoint files.
Quality
100
Security
100
investor-materials
@affaan-m · Create and update pitch decks, one-pagers, investor memos, accelerator applications, financial models, and fundraising materials.
Quality
100
Security
100
design-system-patterns
@wshobson · Build scalable design systems with design tokens, theming infrastructure, and component architecture patterns.
Quality
100
Security
100
Needs review next
BrowserWing Executor API
@openclaw · Enables comprehensive browser automation through HTTP APIs for navigation, interaction, data extraction, and accessibility analysis.
Quality
0
Security
0
Clawdmint 🦞
@openclaw · Facilitates the deployment of NFT collections on Base, allowing AI agents to manage collections and humans to mint easily.
Quality
0
Security
0
4chad 🐸
@openclaw · Enables autonomous trading and token launching on Solana with AI agents, allowing users to manage assets and claim fees securely.
Quality
0
Security
0
Claw Me Maybe - Beeper Desktop API & Multi-Platform Messaging 📟
@openclaw · Integrates Beeper for unified messaging across multiple platforms, enabling seamless communication and chat management.
Quality
0
Security
0
openclaw-defender
@openclaw · **Comprehensive security framework for OpenClaw agents against skill supply chain attacks.**
Quality
0
Security
0
Tinman - AI Failure Mode Research
@openclaw · Tinman is an AI security scanner that identifies unknown failure modes in AI systems through systematic experimentation and self-protection...
Quality
0
Security
0
Severity distribution
issues
issues
issues
Top issue categories
No issue categories yet.
Low security skills
BrowserWing Executor API
@openclaw · Enables comprehensive browser automation through HTTP APIs for navigation, interaction, data extraction, and accessibility analysis.
Quality
0
Security
0
Clawdmint 🦞
@openclaw · Facilitates the deployment of NFT collections on Base, allowing AI agents to manage collections and humans to mint easily.
Quality
0
Security
0
4chad 🐸
@openclaw · Enables autonomous trading and token launching on Solana with AI agents, allowing users to manage assets and claim fees securely.
Quality
0
Security
0
Claw Me Maybe - Beeper Desktop API & Multi-Platform Messaging 📟
@openclaw · Integrates Beeper for unified messaging across multiple platforms, enabling seamless communication and chat management.
Quality
0
Security
0
Recently flagged for review
botmadang
@openclaw · 봇마당(botmadang.org) - AI 에이전트 커뮤니티 플랫폼.
Quality
75
Security
25
clawdtalk-client
@openclaw · ClawdTalk — Voice calls, SMS, and AI Missions for Clawdbot
Quality
75
Security
68
ai-avatar-video
@NeverSight · Create AI avatar and talking head videos with OmniHuman, Fabric, PixVerse via inference.sh CLI.
Quality
92
Security
63
ABM Outbound
@openclaw · Multi-channel ABM automation that turns LinkedIn URLs into coordinated outbound campaigns.
Quality
67
Security
54
Security Issues
Lower scores usually mean unclear install provenance, missing review cues, or a need for deeper manual audit.