SR
SKILLRADAR
AI Security • Benchmarking • Index
Menu
Trust Report v1

claw-score

Audit or refresh OpenClaw maturity scorecard docs from root taxonomy, maturity scores, and QA evidence artifacts without using maintainer discrawl data or committed inventory reports.

Overall
85
Trust
84
Utility
80
Momentum
95

Install caution

Needs manual review

Risk: Low

Source: OpenClaw Built-in Skills

Path: .agents/skills/claw-score/SKILL.md

Review flags: shell command snippets. These are review signals, not definitive security judgments; inspect before installing.

Required permissions

  • Shell commands

Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.

Risk flags explained

shell_commandmedium

Contains shell command snippets. Review commands before copy/paste or agent execution.

Score explanation

Trust

  • Trust starts at 90 before review-signal penalties and metadata bonuses.
  • Risk-signal penalty: -8 from 1 detected flag(s).
  • Metadata bonus: +2 from author/version/description fields.

Utility

  • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
  • Description present: yes.
  • Command examples detected: 4.
  • Environment variables detected: 0.

Momentum

  • Momentum starts at 45 and uses public repo activity signals.
  • Recent commit activity: latest repo update was 0 day(s) ago.
  • Recent commit volume: 100 commit(s) in the lookback window (+20).
  • Source has strong public adoption: 379781 stars.
  • Fork activity suggests reuse: 79500 forks.

Overall

  • Overall score weights trust 45%, utility 35%, and momentum 20%.

Detected signals

Env vars

None detected in SKILL.md text scan.

Commands

  • NODE
  • node <<'NODE'
  • pnpm check:docs
  • pnpm openclaw qa coverage --json

URLs

None detected in SKILL.md text scan.

Provenance & evidence

SkillRadar makes each review traceable back to the exact source path, source blob SHA, scanner version, and text-only policy that produced the report.

source
github.com/openclaw/openclaw@main
path
.agents/skills/claw-score/SKILL.md
source blob SHA
9fc12f3e232720a14075db5ddf60bd5a1a5550b5
scanner version
0.3.0
security model
text_only_no_execute_no_install_no_secrets
scan policy
Fetched and scored as text only; no install, no execution, no runtime loading.

Evidence snippets

shell_command

…Commands Run from the openclaw repo root. Validate YAML structure after source edits: ```bash node <<'NODE' const fs = require("node:fs"); const YAML = require("yaml"); for (const fil…

Watch this skill

Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.

Join watchlist beta

Methodology note

SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.

View source SKILL.mdBack to changesView sources