SR
SkillRadar
Agent security + benchmarks
Menu

Security first

Safety Radar beta now; performance benchmarks, private registries, and runtime skill recommendations next.

Trust Report v1

openclaw-pre-release-plugin-testing

Plan and run pre-release OpenClaw plugin validation across bundled plugins, package artifacts, lifecycle commands, doctor/fix, config round-trip, gateway startup, SDK compatibility, Docker E2E, Package Acceptance, and Testbox proof.

Overall
68
Trust
47
Utility
80
Momentum
95

Install caution

High-risk behavior present

Risk: High

Source: OpenClaw Built-in Skills

Path: .agents/skills/openclaw-pre-release-plugin-testing/SKILL.md

Review flags: browser/session access, filesystem/home-directory access, package installation commands, shell command snippets. These are review signals, not definitive security judgments; inspect before installing.

Required permissions

  • Shell commands
  • Filesystem/home access
  • Browser/session access

Permissions are inferred from SKILL.md text only. They are review prompts, not guarantees about runtime behavior.

Risk flags explained

browser_or_session_accessmedium

Mentions browser automation, cookies, sessions, local storage, or browser state.

filesystem_write_or_home_accessmedium

Mentions filesystem writes, deletes, home-directory paths, or config/key locations.

package_installmedium

Mentions package installation or dependency-fetching commands.

shell_commandmedium

Contains shell command snippets. Review commands before copy/paste or agent execution.

Score explanation

Trust

  • Trust starts at 90 before review-signal penalties and metadata bonuses.
  • Risk-signal penalty: -45 from 4 detected flag(s).
  • Metadata bonus: +2 from author/version/description fields.

Utility

  • Utility starts at 55 and rewards clear descriptions, runnable examples, and explicit setup needs.
  • Description present: yes.
  • Command examples detected: 17.
  • Environment variables detected: 0.

Momentum

  • Momentum starts at 45 and uses public repo activity signals.
  • Recent commit activity: latest repo update was 0 day(s) ago.
  • Recent commit volume: 100 commit(s) in the lookback window (+20).
  • Source has strong public adoption: 368598 stars.
  • Fork activity suggests reuse: 75946 forks.

Overall

  • Overall score weights trust 45%, utility 35%, and momentum 20%.

Detected signals

Env vars

None detected in SKILL.md text scan.

Commands

  • OPENCLAW_PLUGINS_E2E_CLAWHUB=0 pnpm test:docker:plugins
  • OPENCLAW_TESTBOX=1 pnpm check:changed
  • gh workflow run package-acceptance.yml --repo openclaw/openclaw --ref main -f workflow_ref=main -f source=ref -f package_ref=<branch-or-sha> -f suite_profile=custom -f docker_lanes='plugins-offline plugin-update bundled-channel-deps-compat doctor-switch update-channel-switch config-reload mcp-channels npm-onboard-channel-agent' -f telegram_mode=mock-openai
  • git status --short --branch
  • openclaw plugins inspect --all --json
  • openclaw status --json
  • openclaw-testing
  • openclaw/plugin-sdk/*
  • pnpm changed:lanes --json
  • pnpm docs:list
  • pnpm run test:extensions:package-boundary:canary
  • pnpm run test:extensions:package-boundary:compile

URLs

None detected in SKILL.md text scan.

Watch this skill

Get alerted when this skill adds credential requirements, shell commands, external domains, remote installer patterns, or risk-level changes.

Join watchlist beta

Methodology note

SkillRadar scans SKILL.md as hostile text only. It does not execute commands, install packages, or load third-party skills.

View source SKILL.mdBack to changesView sources