Crawler Summary
Security audit gate for new OpenClaw skills before installation/use. Use when reviewing ClawHub/GitHub/local skills for malicious patterns, undeclared capabilities, supply-chain risk, prompt-injection traps, and runtime abuse; return APPROVED/CAUTION/REJECT with policy-based scoring. --- name: skill-check description: Security audit gate for new OpenClaw skills before installation/use. Use when reviewing ClawHub/GitHub/local skills for malicious patterns, undeclared capabilities, supply-chain risk, prompt-injection traps, and runtime abuse; return APPROVED/CAUTION/REJECT with policy-based scoring. --- Skill Check Use this skill **before enabling or installing** third-party skills. 1) Threat categ Published capability contract available. No trust telemetry is available yet. Last updated 3/1/2026.
Freshness
Last checked 3/1/2026
Best For
Contract is available with explicit auth and schema references.
Not Ideal For
skill-check is not ideal for teams that need stronger public trust telemetry, lower setup complexity, or more explicit contract coverage before production rollout.
Evidence Sources Checked
editorial-content, capability-contract, runtime-metrics, public facts pack
Security audit gate for new OpenClaw skills before installation/use. Use when reviewing ClawHub/GitHub/local skills for malicious patterns, undeclared capabilities, supply-chain risk, prompt-injection traps, and runtime abuse; return APPROVED/CAUTION/REJECT with policy-based scoring. --- name: skill-check description: Security audit gate for new OpenClaw skills before installation/use. Use when reviewing ClawHub/GitHub/local skills for malicious patterns, undeclared capabilities, supply-chain risk, prompt-injection traps, and runtime abuse; return APPROVED/CAUTION/REJECT with policy-based scoring. --- Skill Check Use this skill **before enabling or installing** third-party skills. 1) Threat categ
Public facts
6
Change events
1
Artifacts
0
Freshness
Mar 1, 2026
Published capability contract available. No trust telemetry is available yet. Last updated 3/1/2026.
Trust score
Unknown
Compatibility
OpenClaw
Freshness
Mar 1, 2026
Vendor
Poeybot
Artifacts
0
Benchmarks
0
Last release
Unpublished
Key links, install path, and a quick operational read before the deeper crawl record.
Summary
Published capability contract available. No trust telemetry is available yet. Last updated 3/1/2026.
Setup snapshot
git clone https://github.com/poeybot/skill-check.gitSetup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.
Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.
Vendor
Poeybot
Protocol compatibility
OpenClaw
Auth modes
api_key
Machine-readable schemas
OpenAPI or schema references published
Handshake status
UNKNOWN
Crawlable docs
6 indexed pages on the official domain
Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.
Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.
Extracted files
0
Examples
6
Snippets
0
Languages
typescript
Parameters
bash
scripts/quick_triage.sh /path/to/skill
bash
python3 scripts/static_audit.py /path/to/skill --format json > findings.json python3 scripts/verdict.py findings.json --category 2 --policy references/audit-policy.example.json
bash
scripts/dynamic_probe.sh /path/to/skill
bash
python3 scripts/scan_hub_slug.py skill-scanner --category 2 --profile balanced # or strict: python3 scripts/scan_hub_slug.py skill-scanner --category 3 --profile strict # or custom policy file: python3 scripts/scan_hub_slug.py skill-scanner --category 2 --policy references/audit-policy.gc.json
bash
scripts/safe_install.sh <slug> # optional scripts/safe_install.sh <slug> --version 1.2.3 --category 2 --policy references/audit-policy.gc.json
bash
scripts/install_shell_guard.sh source ~/.bashrc # or reopen shell
Full documentation captured from public sources, including the complete README when available.
Docs source
GITHUB OPENCLEW
Editorial quality
ready
Security audit gate for new OpenClaw skills before installation/use. Use when reviewing ClawHub/GitHub/local skills for malicious patterns, undeclared capabilities, supply-chain risk, prompt-injection traps, and runtime abuse; return APPROVED/CAUTION/REJECT with policy-based scoring. --- name: skill-check description: Security audit gate for new OpenClaw skills before installation/use. Use when reviewing ClawHub/GitHub/local skills for malicious patterns, undeclared capabilities, supply-chain risk, prompt-injection traps, and runtime abuse; return APPROVED/CAUTION/REJECT with policy-based scoring. --- Skill Check Use this skill **before enabling or installing** third-party skills. 1) Threat categ
Use this skill before enabling or installing third-party skills.
Higher category => stricter verdict policy.
scripts/quick_triage.sh /path/to/skill
Immediate CAUTION/REJECT triggers:
python3 scripts/static_audit.py /path/to/skill --format json > findings.json
python3 scripts/verdict.py findings.json --category 2 --policy references/audit-policy.example.json
scripts/dynamic_probe.sh /path/to/skill
python3 scripts/scan_hub_slug.py skill-scanner --category 2 --profile balanced
# or strict:
python3 scripts/scan_hub_slug.py skill-scanner --category 3 --profile strict
# or custom policy file:
python3 scripts/scan_hub_slug.py skill-scanner --category 2 --policy references/audit-policy.gc.json
This downloads skill files via clawhub inspect --file into a temp workspace, scans, prints verdict, then cleans up.
Use the safe installer wrapper so install is blocked unless verdict is APPROVED:
scripts/safe_install.sh <slug>
# optional
scripts/safe_install.sh <slug> --version 1.2.3 --category 2 --policy references/audit-policy.gc.json
Behavior:
scan_hub_slug.pyclawhub install only when APPROVED~/.openclaw/workspace/.learnings/skill-audit-*.logclawhub install)One-time setup:
scripts/install_shell_guard.sh
source ~/.bashrc # or reopen shell
After this, clawhub install <slug> is intercepted and routed through scripts/safe_install.sh.
Use references/report-template.md format:
noscan suppression markers for intentionally listed patternstools/project-mode.sh ...)Environment variable support:
SKILLCHECK_PROFILE (strict|balanced|lenient|gc)SKILLCHECK_CATEGORY (1..4)SKILLCHECK_POLICY (custom policy JSON path)SKILLCHECK_PROFILES (custom profiles JSON path)Priority:
references/toolkit.mdreferences/risk-patterns.mdreferences/report-template.mdreferences/audit-policy.example.jsonreferences/audit-policy.gc.jsonreferences/policy-profiles.jsonreferences/competitive-findings.mdMachine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.
Contract coverage
Status
ready
Auth
api_key
Streaming
No
Data region
global
Protocol support
Requires: openclew, lang:typescript
Forbidden: none
Guardrails
Operational confidence: medium
curl -s "https://xpersona.co/api/v1/agents/poeybot-skill-check/snapshot"
curl -s "https://xpersona.co/api/v1/agents/poeybot-skill-check/contract"
curl -s "https://xpersona.co/api/v1/agents/poeybot-skill-check/trust"
Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.
Trust signals
Handshake
UNKNOWN
Confidence
unknown
Attempts 30d
unknown
Fallback rate
unknown
Runtime metrics
Observed P50
unknown
Observed P95
unknown
Rate limit
unknown
Estimated cost
unknown
Every public screenshot, visual asset, demo link, and owner-provided destination tied to this agent.
Neighboring agents from the same protocol and source ecosystem for comparison and shortlist building.
Rank
70
AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents
Traction
No public download signal
Freshness
Updated 2d ago
Rank
70
AI productivity studio with smart chat, autonomous agents, and 300+ assistants. Unified access to frontier LLMs
Traction
No public download signal
Freshness
Updated 5d ago
Rank
70
Free, local, open-source 24/7 Cowork app and OpenClaw for Gemini CLI, Claude Code, Codex, OpenCode, Qwen Code, Goose CLI, Auggie, and more | 🌟 Star if you like it!
Traction
No public download signal
Freshness
Updated 6d ago
Rank
70
The Frontend for Agents & Generative UI. React + Angular
Traction
No public download signal
Freshness
Updated 23d ago
Contract JSON
{
"contractStatus": "ready",
"authModes": [
"api_key"
],
"requires": [
"openclew",
"lang:typescript"
],
"forbidden": [],
"supportsMcp": false,
"supportsA2a": false,
"supportsStreaming": false,
"inputSchemaRef": "https://github.com/poeybot/skill-check#input",
"outputSchemaRef": "https://github.com/poeybot/skill-check#output",
"dataRegion": "global",
"contractUpdatedAt": "2026-02-24T19:42:04.767Z",
"sourceUpdatedAt": "2026-02-24T19:42:04.767Z",
"freshnessSeconds": 4428426
}Invocation Guide
{
"preferredApi": {
"snapshotUrl": "https://xpersona.co/api/v1/agents/poeybot-skill-check/snapshot",
"contractUrl": "https://xpersona.co/api/v1/agents/poeybot-skill-check/contract",
"trustUrl": "https://xpersona.co/api/v1/agents/poeybot-skill-check/trust"
},
"curlExamples": [
"curl -s \"https://xpersona.co/api/v1/agents/poeybot-skill-check/snapshot\"",
"curl -s \"https://xpersona.co/api/v1/agents/poeybot-skill-check/contract\"",
"curl -s \"https://xpersona.co/api/v1/agents/poeybot-skill-check/trust\""
],
"jsonRequestTemplate": {
"query": "summarize this repo",
"constraints": {
"maxLatencyMs": 2000,
"protocolPreference": [
"OPENCLEW"
]
}
},
"jsonResponseTemplate": {
"ok": true,
"result": {
"summary": "...",
"confidence": 0.9
},
"meta": {
"source": "GITHUB_OPENCLEW",
"generatedAt": "2026-04-17T01:49:11.652Z"
}
},
"retryPolicy": {
"maxAttempts": 3,
"backoffMs": [
500,
1500,
3500
],
"retryableConditions": [
"HTTP_429",
"HTTP_503",
"NETWORK_TIMEOUT"
]
}
}Trust JSON
{
"status": "unavailable",
"handshakeStatus": "UNKNOWN",
"verificationFreshnessHours": null,
"reputationScore": null,
"p95LatencyMs": null,
"successRate30d": null,
"fallbackRate": null,
"attempts30d": null,
"trustUpdatedAt": null,
"trustConfidence": "unknown",
"sourceUpdatedAt": null,
"freshnessSeconds": null
}Capability Matrix
{
"rows": [
{
"key": "OPENCLEW",
"type": "protocol",
"support": "unknown",
"confidenceSource": "profile",
"notes": "Listed on profile"
},
{
"key": "without",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
}
],
"flattenedTokens": "protocol:OPENCLEW|unknown|profile capability:without|supported|profile"
}Facts JSON
[
{
"factKey": "docs_crawl",
"category": "integration",
"label": "Crawlable docs",
"value": "6 indexed pages on the official domain",
"href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceType": "search_document",
"confidence": "medium",
"observedAt": "2026-04-15T05:03:46.393Z",
"isPublic": true
},
{
"factKey": "vendor",
"category": "vendor",
"label": "Vendor",
"value": "Poeybot",
"href": "https://github.com/poeybot/skill-check",
"sourceUrl": "https://github.com/poeybot/skill-check",
"sourceType": "profile",
"confidence": "medium",
"observedAt": "2026-03-01T06:03:39.349Z",
"isPublic": true
},
{
"factKey": "protocols",
"category": "compatibility",
"label": "Protocol compatibility",
"value": "OpenClaw",
"href": "https://xpersona.co/api/v1/agents/poeybot-skill-check/contract",
"sourceUrl": "https://xpersona.co/api/v1/agents/poeybot-skill-check/contract",
"sourceType": "contract",
"confidence": "medium",
"observedAt": "2026-02-24T19:42:04.767Z",
"isPublic": true
},
{
"factKey": "auth_modes",
"category": "compatibility",
"label": "Auth modes",
"value": "api_key",
"href": "https://xpersona.co/api/v1/agents/poeybot-skill-check/contract",
"sourceUrl": "https://xpersona.co/api/v1/agents/poeybot-skill-check/contract",
"sourceType": "contract",
"confidence": "high",
"observedAt": "2026-02-24T19:42:04.767Z",
"isPublic": true
},
{
"factKey": "schema_refs",
"category": "artifact",
"label": "Machine-readable schemas",
"value": "OpenAPI or schema references published",
"href": "https://github.com/poeybot/skill-check#input",
"sourceUrl": "https://xpersona.co/api/v1/agents/poeybot-skill-check/contract",
"sourceType": "contract",
"confidence": "high",
"observedAt": "2026-02-24T19:42:04.767Z",
"isPublic": true
},
{
"factKey": "handshake_status",
"category": "security",
"label": "Handshake status",
"value": "UNKNOWN",
"href": "https://xpersona.co/api/v1/agents/poeybot-skill-check/trust",
"sourceUrl": "https://xpersona.co/api/v1/agents/poeybot-skill-check/trust",
"sourceType": "trust",
"confidence": "medium",
"observedAt": null,
"isPublic": true
}
]Change Events JSON
[
{
"eventType": "docs_update",
"title": "Docs refreshed: Sign in to GitHub · GitHub",
"description": "Fresh crawlable documentation was indexed for the official domain.",
"href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceType": "search_document",
"confidence": "medium",
"observedAt": "2026-04-15T05:03:46.393Z",
"isPublic": true
}
]Sponsored
Ads related to skill-check and adjacent AI workflows.