Meta: Trusted OpenClaw Skills + Skill Reviewers
The meta layer for Trusted OpenClaw Skills: who reviews and vouches for OpenClaw skills, and what discovery/vetting surfaces exist.
See also Claude Skills reviewers meta (the parallel page) and Curation & Trust Networks (the broader pattern).
Tier 1 — Authoritative
| Source | What |
|---|---|
openclaw/openclaw GitHub |
Main project repo |
| docs.openclaw.ai | Official docs and skill specification |
openclaw/clawhub |
Public skill registry source-of-truth |
Tier 2 — Vetting surfaces with skin in the game
| Source | Vetting model | Caveats |
|---|---|---|
| VirusTotal partnership on ClawHub | Static scanning of every published skill | Static scanning is necessary but insufficient — won't catch exfil-via-LLM-prompt-injection |
| VoltAgent/awesome-openclaw-skills | Manual filter of 5,400+ skills into a categorized awesome-list | Curatorial, not security-audited |
| AI Makers OpenClaw Skills 2026 guide | Editorial top-10 + 5-to-avoid denylist | Rare and valuable: most reviewers don't publish denylists |
Tier 3 — Discovery only (no vetting)
| Source | Notes |
|---|---|
npm openclaw package |
Hosts core + bundled skills only; third-party plugins not gated |
| Composio / DigitalOcean editorial guides | Soft discovery signal, not a security review |
| ClawHub default browse | 820+ malicious skills found in audit. Default-untrusted. |
Reviewers Jacob trusts (or wants to)
- The OpenClaw team itself — for
openclaw/*GitHub-org skills. - VoltAgent — for the awesome-list filter (curatorial, not security).
- AI Makers blog — for publishing the denylist; one of the few places that does.
- (Open seat: a Mozilla-style review board for OpenClaw doesn't exist yet.)
Open invitations
- A reproducible-audit registry where ≥2 independent reviewers must concur.
- A rolling denylist of confirmed-malicious skill SHAs (only AI Makers seems to publish one; we should aggregate).
- Per-skill provenance receipts (cryptographically signed by the maintainer org).
Trust hierarchy (decision flow)
Need an OpenClaw skill?
└─ Bundled in openclaw npm package? ─────────────── ✅ use it (still read source)
└─ Maintained in openclaw/* GitHub org? ─────────── ✅ use it
└─ In VoltAgent/awesome-openclaw-skills + clean
VirusTotal on ClawHub? ──────────────────────── 🟡 sandbox first
└─ In ClawHub but not on the awesome-list? ──────── 🔴 audit yourself, sandbox always
└─ Random Telegram/Discord recommendation? ─────── 🔴🔴 default-deny
Defense-in-depth rule for OpenClaw
The skill itself is only one layer. The agent's sandbox config is the other.
- Untrusted skill + sandboxed agent (
sandbox.mode: "all") = acceptable for testing. - Trusted skill + unsandboxed agent + open
dmPolicy= catastrophic (anyone with the bot's name gets shell).
See the OpenClaw security rules in ~/.claude/CLAUDE.md for the full binding-audit pattern.
What this page should become
- A live link from each skill in index to its specific reviewer(s) and audit dates.
- A short denylist of OpenClaw skills Jacob has personally seen go bad or seen flagged.
- Cross-links into @jacobcole/trusted-claude-skills/reviewers for skills that exist in both ecosystems (e.g.
coding-agentpatterns).