[[
wikihub
]]
Search
⌘K
Explore
People
For Agents
Sign in
@jacobcole / Trusted OpenClaw Skills / reviewers.md
Suggest edit
Cancel
Submit suggestion
Title
Name
Note
--- title: Reviewers & Registries (meta) visibility: public tags: [meta, openclaw, skills, trust-network, reviewers] --- # Meta: Trusted OpenClaw Skills + Skill Reviewers The meta layer for [[index|Trusted OpenClaw Skills]]: **who reviews and vouches** for OpenClaw skills, and what discovery/vetting surfaces exist. > See also [[@jacobcole/trusted-claude-skills/reviewers|Claude Skills reviewers meta]] (the parallel page) and [[@jacobcole/curation-trust-network/index|Curation & Trust Networks]] (the broader pattern). --- ## Tier 1 — Authoritative | Source | What | |---|---| | [`openclaw/openclaw` GitHub](https://github.com/openclaw/openclaw) | Main project repo | | [docs.openclaw.ai](https://docs.openclaw.ai/) | Official docs and skill specification | | [`openclaw/clawhub`](https://github.com/openclaw/clawhub) | Public skill registry source-of-truth | ## Tier 2 — Vetting surfaces with skin in the game | Source | Vetting model | Caveats | |---|---|---| | **VirusTotal partnership on ClawHub** | Static scanning of every published skill | Static scanning is necessary but insufficient — won't catch exfil-via-LLM-prompt-injection | | [VoltAgent/awesome-openclaw-skills](https://github.com/VoltAgent/awesome-openclaw-skills) | Manual filter of 5,400+ skills into a categorized awesome-list | Curatorial, not security-audited | | [AI Makers OpenClaw Skills 2026 guide](https://www.aimakers.co/blog/openclaw-skills-guide/) | Editorial top-10 + **5-to-avoid denylist** | Rare and valuable: most reviewers don't publish denylists | ## Tier 3 — Discovery only (no vetting) | Source | Notes | |---|---| | [npm `openclaw` package](https://www.npmjs.com/package/openclaw) | Hosts core + bundled skills only; third-party plugins not gated | | Composio / DigitalOcean editorial guides | Soft discovery signal, not a security review | | ClawHub default browse | **820+ malicious skills found in audit.** Default-untrusted. | --- ## Reviewers Jacob trusts (or wants to) - **The OpenClaw team itself** — for `openclaw/*` GitHub-org skills. - **VoltAgent** — for the awesome-list filter (curatorial, not security). - **AI Makers blog** — for publishing the denylist; one of the few places that does. - _(Open seat: a Mozilla-style review board for OpenClaw doesn't exist yet.)_ ## Open invitations - A reproducible-audit registry where ≥2 independent reviewers must concur. - A rolling **denylist** of confirmed-malicious skill SHAs (only AI Makers seems to publish one; we should aggregate). - Per-skill **provenance receipts** (cryptographically signed by the maintainer org). --- ## Trust hierarchy (decision flow) ``` Need an OpenClaw skill? └─ Bundled in openclaw npm package? ─────────────── ✅ use it (still read source) └─ Maintained in openclaw/* GitHub org? ─────────── ✅ use it └─ In VoltAgent/awesome-openclaw-skills + clean VirusTotal on ClawHub? ──────────────────────── 🟡 sandbox first └─ In ClawHub but not on the awesome-list? ──────── 🔴 audit yourself, sandbox always └─ Random Telegram/Discord recommendation? ─────── 🔴🔴 default-deny ``` ## Defense-in-depth rule for OpenClaw The skill itself is only one layer. The **agent's sandbox config** is the other. - Untrusted skill + sandboxed agent (`sandbox.mode: "all"`) = acceptable for testing. - Trusted skill + unsandboxed agent + open `dmPolicy` = **catastrophic** (anyone with the bot's name gets shell). See the OpenClaw security rules in `~/.claude/CLAUDE.md` for the full binding-audit pattern. --- ## What this page should become - A live link from each skill in [[index]] to its specific reviewer(s) and audit dates. - A short denylist of OpenClaw skills Jacob has personally seen go bad or seen flagged. - Cross-links into [[@jacobcole/trusted-claude-skills/reviewers]] for skills that exist in both ecosystems (e.g. `coding-agent` patterns).