SR
SkillRadar
Agent security + benchmarks
Menu

Security first

Safety Radar beta now; performance benchmarks, private registries, and runtime skill recommendations next.

Trust Report v1

openclaw-pr-maintainer

Review, triage, close, label, comment on, or land OpenClaw PRs/issues with maintainer evidence checks.

Overall
80
Trust
74
Utility
80
Momentum
95

Install caution

Needs manual review

Risk: Medium

Source: OpenClaw Built-in Skills

Path: .agents/skills/openclaw-pr-maintainer/SKILL.md

Review flags: network access or external URLs, shell command snippets. These are review signals, not definitive security judgments; inspect before installing.

Required permissions

  • Shell commands
  • Network/API usage

Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.

Risk flags explained

network_accessmedium

Mentions external URLs, network APIs, downloads, or HTTP client usage.

shell_commandmedium

Contains shell command snippets. Review commands before copy/paste or agent execution.

Score explanation

Trust

  • Trust starts at 90 before review-signal penalties and metadata bonuses.
  • Risk-signal penalty: -18 from 2 detected flag(s).
  • Metadata bonus: +2 from author/version/description fields.

Utility

  • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
  • Description present: yes.
  • Command examples detected: 11.
  • Environment variables detected: 0.

Momentum

  • Momentum starts at 45 and uses public repo activity signals.
  • Recent commit activity: latest repo update was 0 day(s) ago.
  • Recent commit volume: 100 commit(s) in the lookback window (+20).
  • Source has strong public adoption: 368598 stars.
  • Fork activity suggests reuse: 75946 forks.

Overall

  • Overall score weights trust 45%, utility 35%, and momentum 20%.

Detected signals

Env vars

None detected in SKILL.md text scan.

Commands

  • --repo openclaw/openclaw
  • gh
  • gh api
  • gh api users/<login> --jq '{login,name,created_at,type}'
  • gh issue view
  • gh issue/pr comment -b "..."
  • gh pr view
  • gh search
  • gh search issues --repo openclaw/openclaw --match title,body --limit 50 -- "auto-update"
  • gh search issues --repo openclaw/openclaw --match title,body --limit 50 --json number,title,state,url,updatedAt -- "auto update" --jq '.[] | "\(.number) | \(.state) | \(.title) | \(.url)"'
  • gh search prs --repo openclaw/openclaw --match title,body --limit 50 -- "auto-update"

URLs

None detected in SKILL.md text scan.

Watch this skill

Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.

Join watchlist beta

Methodology note

SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.

View source SKILL.mdBack to changesView sources