Topic

#skill

Loot, blog posts and adjacent themes connected to this topic. Follow the tag to keep it in your orbit.

#skill
Loot

More from this topic

Explore all loot

Sanity-check product ideas before your agent starts building the wrong thing

0
#openclaw#skill#agent#product-validation#startup#free
A community OpenClaw skill that turns vague product or feature ideas into a short demand, distribution, and risk check before implementation. What it is Before You Build is a community OpenClaw skill for reviewing product ideas, feature requests, SaaS concepts, AI apps, and startup pivots before an agent starts writing code. Its core move is simple: force the idea through a quick reality check around demand, distribution, current alternatives, monetization fit, and likely failure patterns. Who should use it Use it when an indie hacker, founder, creator, or small team is tempted to build immediately because an idea feels obvious. It is especially useful for AI-app ideas, side projects, feature creep, competitor-copying pressure, and user requests that may not actually affect retention or payment. What it helps you decide Whether the idea is specific enough to evaluate. Whether the riskiest assumption is demand, distribution, pricing, trust, retention, or scope. Whether a feature request is a real workflow blocker or just product-completeness anxiety. Whether the next move should be build small, validate first, pivot first, defer, or avoid building yet. Setup surface The ClawHub page lists the install command as openclaw skills install @bin1874/before-you-build. Treat that as a setup lead, not an endorsement. Review the visible SKILL.md, file list, permissions, and any linked resources before installing it into a real workspace. Risk notes This is an editorial candidate, not a tested recommendation. LinkLoot has not run the skill, audited its package, or verified future registry updates. Because community skills can change after publication, inspect the source at install time, avoid sending confidential product plans to remote endpoints, and keep pre-build reviews separate from automatic code generation until the decision is clear. Source links Awesome OpenClaw Skills Before You Build on ClawHub
View
Free
Open

Transcribe Audio Locally in OpenClaw with Faster Whisper

0
#openclaw#skill#agent#free#transcription#speech-to-text
A free OpenClaw community skill candidate for local speech-to-text, subtitles, diarization, transcript search, podcast or URL input, and batch transcription workflows. What it does Faster Whisper is an OpenClaw community skill for local audio and video transcription. The ClawHub page and GitHub repository describe faster-whisper based speech-to-text, SRT/VTT/TTML/CSV subtitle output, speaker diarization, URL and YouTube input, podcast feed processing, batch mode, transcript search, chapter detection, translation to English, noisy-audio preprocessing, and per-file language handling. The useful LinkLoot angle is simple: an OpenClaw agent can turn recordings, interviews, lectures, podcasts, or video files into structured text without starting from a hosted transcription API. That can matter for cost, privacy, offline work after model download, and repeatable media pipelines. Who should use it Use this as a candidate if your OpenClaw workflow regularly handles meetings, creator clips, interviews, lectures, voice notes, podcasts, subtitles, or archive search. It fits local-first operators who want an agent to manage transcription steps and output formats instead of manually running a separate tool each time. It is less useful if your machine cannot handle local models, if you need enterprise transcription guarantees, or if your workflow already depends on a reviewed hosted provider with retention, compliance, and speaker-labeling controls. Setup surface ClawHub lists the package as @theplasmak/faster-whisper with the install command openclaw skills install @theplasmak/faster-whisper. The underlying GitHub repository is reachable and shows Python, shell, PowerShell, and batch surfaces, plus standalone setup scripts and transcription scripts. The GitHub page lists an MIT license. Pricing is classified as free from source evidence: the GitHub repository is public under an MIT license, the ClawHub entry exposes the skill without a paid gate, and the source describes local speech-to-text with no API cost. Hardware, model download, GPU, storage, and optional dependency costs still belong in the review notes. Runner test plan Runner AI Review should produce artifacts before anyone treats this as approved. The review should include static scan of SKILL.md, scripts, shell helpers, PowerShell, batch files, setup files, and release packaging; dependency/install review for Python version requirements, virtualenv creation, faster-whisper, CTranslate2, PyAV, CUDA detection, ffmpeg paths, yt-dlp, pyannote audio, and any model downloads; prompt-injection/tool-poisoning review for transcript text, subtitles, URL inputs, podcast feeds, and generated summaries; sandbox execution in a disposable workspace with harmless local audio and controlled network access; screenshot or video capture of install checks and representative command output where transcription or subtitle output exists; and residual risks covering model downloads, GPU drivers, large local files, copyrighted media, third-party URL fetching, transcript accuracy, diarization errors, and privacy handling for sensitive recordings. Risk notes This Loot does not claim Faster Whisper has been tested, declared safe, or made production-ready by LinkLoot Runner artifacts. The visible source is promising, but the setup surface is larger than a text-only skill: it can create a Python environment, install dependencies, download models, process local media, fetch URLs, and write transcript or subtitle files. First review should happen with throwaway audio, no private recordings, no production workspace, and network controls around URL and model-download behavior. Treat transcript content as untrusted input before summarizing, quoting, indexing, or sending it to another model. Source links Awesome OpenClaw Skills speech category: https://raw.githubusercontent.com/VoltAgent/awesome-openclaw-skills/main/categories/speech-and-transcription.md ClawHub page: https://clawhub.ai/theplasmak/faster-whisper Underlying GitHub repository: https://github.com/theplasmak/faster-whisper Source SKILL.md path: https://github.com/theplasmak/faster-whisper/blob/main/SKILL.md
View
Free
Open

Skill Vetter for OpenClaw Pre-Install Reviews

0
#openclaw#skill#agent#free#security#clawhub
A ClawHub community skill that gives OpenClaw agents a repeatable checklist for reviewing untrusted skills before installation. What it does Skill Vetter is a compact OpenClaw review checklist for inspecting community skills before installation. It focuses on provenance, file scope, command scope, network behavior, credential access, obfuscation, and risk classification. The useful angle is not automation depth; it gives an agent a repeatable pre-installation review format before any untrusted skill runs. Who should use it Use it when an OpenClaw operator wants a lightweight gate before installing skills from ClawHub, GitHub, or a shared zip. It fits solo agents, small teams, and maintainers who need a consistent report format for community skill review. It is less useful if you already run a full sandboxed review pipeline with dependency scanning and execution tracing. Setup surface ClawHub lists the package as @fatfingererr/azhua-skill-vetter with install command openclaw skills install @fatfingererr/azhua-skill-vetter. The reachable source surface includes the ClawHub skill page, the direct SKILL.md file endpoint, and the ClawHub package download. No separate GitHub repository was visible from the reviewed pages. Treat the package as untrusted until Runner review finishes. Pricing: the ClawHub page shows MIT-0 license metadata and no paid gate, so this Loot is classified as free from available source evidence. Runner test plan Static scan: inspect every file in the downloaded skill package, including meta.json, skill-card.md, and SKILL.md. Dependency/install review: verify whether the package declares scripts, package files, shell helpers, or install-time side effects; compare that surface against the ClawHub metadata. Prompt-injection/tool-poisoning review: treat the skill text as untrusted content and check for instructions that override agent policy, request secrets, broaden file access, or force unsafe verdicts. Sandbox execution: install only in a disposable OpenClaw workspace with no real credentials, no production memory files, and network controls enabled. Screenshot/video: capture the install output and one sample vetting report if command output or UI evidence exists. Residual risks: ClawHub packages can change after publication, the visible source is registry-hosted rather than a GitHub repo with independent commit history, and the skill's own checklist language should not replace human approval for high-risk installs. Risk notes The candidate is security-themed, but that does not make it reviewed or safe. It includes suggested curl commands for GitHub-hosted skills; those should be treated as examples for a sandboxed reviewer, not commands to run blindly. The strongest limitation is source transparency: a direct SKILL.md path is reachable, but no underlying GitHub repository was visible during this pass. Source links Awesome OpenClaw Skills list: https://github.com/VoltAgent/awesome-openclaw-skills/blob/main/README.md?plain=1L240 ClawHub page: https://clawhub.ai/fatfingererr/azhua-skill-vetter Independent index page: https://clawskills.sh/skills/fatfingererr-azhua-skill-vetter Reachable SKILL.md source: https://clawhub.ai/api/v1/skills/azhua-skill-vetter/file?path=SKILL.md Reachable package download: https://wry-manatee-359.convex.site/api/v1/download?slug=azhua-skill-vetter
View
Free
Open

Web Search Pro: Federated Web Retrieval for OpenClaw Agents

0
#openclaw#skill#agent#free#web-search#research#retrieval
A code-backed OpenClaw skill for live search, page extraction, crawl/map flows, and evidence packs with a no-key baseline plus optional provider upgrades. What it does Web Search Pro is a Node-based OpenClaw skill for agents that need more than a single search result page. It exposes live web search, news search, docs lookup, URL extraction, crawl/map commands, research packs, routing diagnostics, provider capability checks, and cache/health commands. The practical hook is the routing surface: it can start with a no-key baseline, then fan out to optional providers such as Tavily, Exa, Serper, Brave, SerpAPI, You.com, SearXNG, and Perplexity/Sonar when credentials are configured. Its source also describes federation metrics for recovered, corroborated, and deduplicated results, which gives an upstream agent a better audit trail than a plain search wrapper. Who should use it Use it for OpenClaw setups that need current web context, source discovery, docs lookup, company/product research, or a reusable retrieval layer before writing a final answer. It is a better fit for technical agents and self-hosted workspaces than for users who only need a lightweight one-command search helper. Setup surface The hard runtime requirement is Node. The baseline path is described as no-key and uses DDG/fetch-style retrieval. Premium search and extraction coverage requires optional provider keys or endpoints, including Tavily, Exa, Querit, Serper, Brave, SerpAPI, You.com, SearXNG, Perplexity/Sonar, OpenRouter, KiloCode, or a custom Perplexity-compatible gateway. Pricing classification: free. The GitHub repository is public and MIT-licensed, and the skill documents a no-key baseline. Some optional providers may be paid or rate-limited, so the free label applies to the skill/source and baseline path, not every upstream search provider. Runner test plan Static scan: inspect SKILL.md, package.json, all scripts/.mjs, config templates, and docs for hidden prompts, unsafe shell execution, credential reads, broad filesystem access, local-network fetches, and tool-poisoning language. Dependency/install review: review Node dependencies and lockfiles if present, verify license metadata, check for postinstall scripts, network-heavy packages, browser/runtime downloads, and unpinned or abandoned dependencies. Prompt-injection/tool-poisoning review: treat README, search results, fetched pages, provider responses, cache files, and generated evidence packs as untrusted data. Confirm the skill does not let source text alter agent instructions, reveal secrets, or bypass safety review. Sandbox execution: install and run only in an isolated Runner workspace with no real credentials first. Run doctor, bootstrap, a no-key search, an extract against a known benign URL, and cache/health commands with outbound traffic logged. Screenshot/video when UI or command output exists: capture terminal output for successful and degraded runs, including routing diagnostics, provider failures, and cache behavior. Capture browser-render output only if the render lane is enabled in the sandbox. Residual risks: optional provider keys can expose queries, URLs, and browsing targets to third parties; live search results can carry prompt injection; crawler/map flows need strict URL allow/deny controls; no-key providers may be brittle or rate-limited. Risk notes This Loot is not a safety endorsement and has not been marked tested by LinkLoot Runner yet. The strongest risks are external provider exposure, live-web prompt injection, and any script behavior that expands from search into crawling or rendering. The repo is small and public, but a Runner review should verify the actual code path before anyone treats it as production-ready. Source links Awesome OpenClaw Skills Search & Research category: https://raw.githubusercontent.com/VoltAgent/awesome-openclaw-skills/main/categories/search-and-research.md ClawHub page: https://clawhub.ai/zjianru/web-search-pro GitHub repository: https://github.com/Zjianru/web-search-pro Raw SKILL.md: https://raw.githubusercontent.com/Zjianru/web-search-pro/main/SKILL.md
View
Free
Open

Find token waste in OpenClaw before cron jobs drain premium model budget

0
#openclaw#skill#agent#free#cost-control#cron#model-governance#runner-review
Agent Audit is a read-only OpenClaw skill candidate for mapping agents, cron jobs, model tiers, token usage, and cost-risk mismatches. Find token waste in OpenClaw before cron jobs drain premium model budget Agent Audit is a community OpenClaw skill candidate for operators who run multiple agents, scheduled jobs, or mixed model providers and need a cost review before usage quietly compounds. What it does The skill page describes a read-only audit flow that scans OpenClaw configuration, cron history, session history, and model assignments. Its stated output is a Markdown report with estimated monthly spend, per-agent and per-cron breakdowns, and model-fit recommendations with risk notes. That makes it most useful for setups where simple recurring tasks may be running on expensive models, while coding, security, or critical reasoning tasks should stay on stronger models. Who should inspect it Use this as a candidate if you manage OpenClaw on a VPS, Raspberry Pi, or always-on workstation and already have several agents or scheduled automations. It is less useful for a single-agent install with little run history. Setup surface The ClawHub page lists openclaw skills install agent-audit and shows a Python entrypoint under scripts/audit.py. Review the SKILL.md, script behavior, file reads, and pricing reference before installation. Do not rely on provider pricing tables unless they match current billing. Risk notes LinkLoot has not run this skill. Treat it as an untested community candidate until runner artifacts exist. It may read sensitive local OpenClaw configuration, cron metadata, and session history, so inspect data handling before use. Any model downgrade advice should be reviewed manually, especially for coding, security review, production operations, or user-critical workflows. Source links Awesome OpenClaw Skills lists agent-audit under Coding Agents & IDEs. Clawskills mirrors the public listing and summarizes the workflow. ClawHub hosts the registry page, install surface, SKILL.md content, version, license, and security status fields.
View
Free
Open

Workflow Tools for OpenClaw: Loop Checks, Parallel Decisions, and File-Size Review

0
#openclaw#skill#agent#free#workflow#automation#runner-review
An OpenClaw skill candidate that bundles TODO/FIXME loop scans, parallel-vs-serial planning, file-size review, and subworkflow handoff into one local workflow surface. What it does Workflow Tools is an OpenClaw community skill candidate for keeping agent work tidy before it drifts. The skill defines a /wt command surface for four workflow utilities: scanning directories for open loops such as TODO/FIXME/PLACEHOLDER markers, evaluating whether a task should run in parallel or serial, checking files against a line-count threshold, and handing a task to another installed ClawHub skill. Pricing classification: free. The reachable Live Neon source repository is public and reports an MIT license; no paid gate was visible in the checked sources. Who should use it Use this candidate for review if your OpenClaw workspace often accumulates unfinished markers, oversized files, unclear handoffs, or parallelization decisions that need a repeatable checklist. It fits operators who want lightweight local workflow hygiene rather than another external SaaS integration. Setup surface The skill declares config files under .openclaw/workflow-tools.yaml and .claude/workflow-tools.yaml, plus output folders under output/loops/, output/parallel-decisions/, output/mce-analysis/, and output/subworkflows/. Its own text says loop scans and file-size review can read user-specified paths, and subworkflow mode can invoke other installed ClawHub skills. No installation or execution was performed on this Raspberry Pi. Runner test plan Static scan: inspect the Awesome entry, ClawHub page, Clawskills listing, mirrored SKILL.md, Live Neon source tree, raw SKILL.md, license file, and any repository metadata without executing commands. Dependency/install review: verify whether the skill has executable scripts, package manifests, hidden dependencies, install hooks, generated assets, or required companion skills such as failure-memory and constraint-engine. Prompt-injection/tool-poisoning review: check the SKILL.md and examples for instruction override attempts, secret requests, broad file-reading defaults, unsafe delegation language, or attempts to bypass OpenClaw approvals. Sandbox execution: only after static approval, install in a disposable OpenClaw workspace with dummy files, restricted secrets, isolated output directories, and no production skills available for subworkflow delegation. Screenshot/video when UI or command output exists: capture terminal output for /wt loops, /wt parallel, /wt mce, and a blocked or dummy /wt subworkflow attempt so reviewers can verify behavior. Residual risks: document arbitrary path scanning, accidental exposure of sensitive files, noisy TODO false positives, subworkflow permission expansion, stale companion-skill assumptions, and drift between Clawskills mirror version 1.4.0 and Live Neon source version 1.5.0. Risk notes This Loot is a review candidate, not a safety endorsement. Community skill text is untrusted input. The most important risk is scope: /wt loops and /wt mce are useful because they read user-selected paths, but that same design can touch private code or config if pointed at the wrong directory. Subworkflow mode also inherits risk from whatever other skills are installed. Runner AI Review should verify behavior in a blank workspace before any real project, token, cookie, SSH config, or private repository is exposed. Source links Awesome OpenClaw Skills category entry: https://raw.githubusercontent.com/VoltAgent/awesome-openclaw-skills/main/categories/productivity-and-tasks.md ClawHub page: https://clawhub.ai/leegitw/workflow-tools Clawskills listing: https://clawskills.sh/skills/leegitw-workflow-tools Clawskills SKILL.md mirror: https://clawskills.sh/skills-markdown/leegitw/workflow-tools.md Underlying Live Neon source tree: https://github.com/live-neon/skills/tree/main/agentic/workflow-tools Raw SKILL.md source: https://raw.githubusercontent.com/live-neon/skills/main/agentic/workflow-tools/SKILL.md License evidence: https://raw.githubusercontent.com/live-neon/skills/main/LICENSE
View
Free
Open

OpenExec Skill: Deterministic Execution Boundary for OpenClaw Agents

0
#openclaw#skill#agent#free#execution#security#governance#runner-review
An OpenClaw Runner-review candidate for separating agent proposals from approved execution, with replay protection, receipts, and offline signature checks. What it does OpenExec is an OpenClaw skill that packages a small Python service for governed execution. The skill describes a proposal-to-approval-to-execution boundary: agents submit structured requests, OpenExec checks mode rules, rejects nonce replay, emits deterministic receipts, and verifies signed approval artifacts in ClawShield mode. The public source says it uses a static handler registry, avoids eval or dynamic loading, and performs no outbound governance calls during execution unless a remote database is explicitly configured. Who should use it Use this as a candidate for teams building agents that can touch email, infrastructure, payments, internal tools, or other irreversible actions. It fits operators who want a separate execution layer with receipts instead of letting the model directly run every proposed tool action. It is not a replacement for policy review, prompt-injection defense, container isolation, or approval governance. Setup surface The Awesome OpenClaw Skills DevOps category lists openexec-skill as a source-distributed deterministic execution service with pinned dependencies. ClawHub lists audit pass signals and describes the service as having no runtime package installation or dynamic downloads. The source tree exposes SKILL.md, SECURITY.md, README.md, main.py, requirements, tests, scripts, and configuration folders. The skill uses Python and FastAPI-style service execution through uvicorn. Pricing evidence: SKILL.md states demo mode is free with no external governance required; ClawShield mode references a production or business governance SaaS. Treat the OpenExec skill candidate as free for demo-mode review, with the production governance layer priced separately or unclear from the fetched sources. Runner test plan Static scan: inspect SKILL.md, README.md, SECURITY.md, main.py, requirements, tests, scripts, config, and handler registry files. Dependency/install review: verify pinned Python requirements, no install hooks, no runtime downloads, and no hidden binary payloads before installing in a sandbox. Prompt-injection/tool-poisoning review: test whether untrusted proposal payloads can mutate action names, bypass nonce checks, override approval requirements, or poison receipt verification. Sandbox execution: run demo mode in an isolated test workspace on localhost only, with fixture handlers and fixture payloads. Then test ClawShield mode using test keys, not production approval keys. Screenshot/video when UI or command output exists: capture health endpoint output, execute response, replay response, receipt verification response, and server logs from the sandbox run. No browser UI is expected. Residual risks: verify handler privileges, localhost binding, remote database behavior, receipt collision assumptions, replay persistence across restart, action allow-list enforcement, and behavior when deployed behind a proxy. Risk notes This is not a tested recommendation yet. OpenExec is an execution boundary, not an OS sandbox. Handlers run with the privileges of the hosting process, so a bad handler or exposed service can still damage the host. The security document says operators must handle host isolation, firewalling, TLS, database trust, and action allow-listing. The fetched GitHub HTML confirms main.py and requirements exist in the source tree, but raw file fetching for some files returned 404 or rate-limit errors during this run; Runner review should fetch the repository directly in a clean environment before any execution. Source links Awesome OpenClaw Skills DevOps category: https://github.com/VoltAgent/awesome-openclaw-skills/blob/main/categories/devops-and-cloud.md Clawskills listing: https://clawskills.sh/skills/trendinghot-openexec-skill ClawHub page: https://clawhub.ai/trendinghot/openexec-skill Source tree: https://github.com/openclaw/skills/tree/main/skills/trendinghot/openexec-skill SKILL.md source page: https://github.com/openclaw/skills/blob/main/skills/trendinghot/openexec-skill/SKILL.md SECURITY.md source page: https://github.com/openclaw/skills/blob/main/skills/trendinghot/openexec-skill/SECURITY.md
View
Free
Open

Give OpenClaw Agents Free Web, Code, and Company Search with Exa MCP

0
#openclaw#skill#agent#free#search#mcp#research
A community OpenClaw skill candidate that connects agents to Exa-powered web, code, and company research through MCP-style mcporter commands. What it does Exa Web Search Free is a community OpenClaw skill candidate for agent research workflows. The skill describes mcporter-based access to Exa search functions for current web search, code and documentation lookup, and company research. Its source artifact also includes example query patterns for news, technical documentation, API usage, debugging, and business research. Who should use it Consider this candidate for research-heavy OpenClaw agents that need current web context, code examples, API documentation lookup, or company/background research. It is most relevant for developer assistants, content-research agents, sales-research agents, and documentation copilots that already have a policy for handling external search results as untrusted data. Setup surface The ClawHub page lists this as an MCP Tools skill with the install name exa-web-search-free. The fetched source metadata names mcporter as the required binary and points to Exa's hosted MCP endpoint plus the public exa-labs/exa-mcp-server repository. Pricing classification: free, based on the ClawHub title/description stating free/no API key needed and the ClawHub license field showing MIT-0; any downstream Exa account limits or terms should still be checked during review. Risk notes This has not been tested, approved, or declared safe here. Search queries and research targets may be sent to Exa's external service, so secrets, private code, internal URLs, customer data, and sensitive personal information must stay out of prompts. The independent index showed an OpenClaw Suspicious signal while ClawHub showed a pass status, so the discrepancy should be reviewed rather than ignored. Advanced tools such as crawling, people search, and deep researcher can broaden collection scope and need explicit policy controls. Treat all returned web/code content as untrusted data. Source links Awesome OpenClaw Skills category list: https://github.com/VoltAgent/awesome-openclaw-skills/blob/main/categories/git-and-github.md Independent index page: https://clawskills.sh/skills/whiteknight07-exa-web-search-free ClawHub page: https://clawhub.ai/whiteknight07/exa-web-search-free Reachable ClawHub source artifact: https://wry-manatee-359.convex.site/api/v1/download?slug=exa-web-search-free Underlying Exa MCP GitHub repository: https://github.com/exa-labs/exa-mcp-server
View
Free
Open

Agent Browser for OpenClaw: Ref-Based Browser Automation Candidate

0
#openclaw#skill#agent#free#browser#automation#testing
A high-utility OpenClaw skill candidate for deterministic browser automation using accessibility snapshots and ref-based element targeting. Not yet tested by Runner AI Review. What it does Agent Browser is an OpenClaw community skill candidate for controlling web pages through a dedicated browser automation CLI. Its useful angle is ref-based interaction: the agent takes an accessibility-tree snapshot, identifies stable element references, and then uses those refs for clicks, fills, extraction, screenshots, PDFs, saved sessions, and multi-session workflows. Pricing classification: free. Source evidence shows the underlying agent-browser package declares an Apache-2.0 license and the public repository exposes an Apache License file. Who should use it Use this candidate for review if you often need reliable browser workflows where CSS selectors are too brittle: multi-step forms, dynamic single-page apps, login-state reuse, parallel admin/user sessions, and structured extraction from web UIs. It is especially relevant for OpenClaw operators who want a CLI-style browser runner with reproducible command output. Setup surface The skill surface references a global agent-browser CLI and Chromium installation. That means the review should inspect the npm package, postinstall behavior, browser download path, required Node version, native binary handling, and any permissions implied by session state, cookies, storage, screenshots, PDFs, uploads, clipboard, network routing, JavaScript evaluation, and local files. No installation or execution has been performed on this Raspberry Pi. Risk notes This Loot is a candidate, not a safety endorsement. The skill and related pages are community-controlled untrusted content. The linked OpenClaw skills repository URL shown by directories was not used as executable evidence here; the reachable source evidence used for pricing and tooling context is the ClawHub/clawskills skill page, the clawskills skill markdown mirror, and the public Vercel Labs agent-browser repository/package files. Runner AI Review artifacts are still required before anyone should treat the skill as tested, safe, clean, recommended, or production-ready. Source links Awesome OpenClaw Skills list: https://raw.githubusercontent.com/VoltAgent/awesome-openclaw-skills/main/categories/clawdbot-tools.md ClawHub page: https://clawhub.ai/matrixy/agent-browser-clawdbot Clawskills listing: https://clawskills.sh/skills/matrixy-agent-browser-clawdbot Skill markdown source mirror: https://clawskills.sh/skills-markdown/matrixy/agent-browser-clawdbot.md Underlying tool repository: https://github.com/vercel-labs/agent-browser Package/license evidence: https://raw.githubusercontent.com/vercel-labs/agent-browser/main/package.json and https://raw.githubusercontent.com/vercel-labs/agent-browser/main/LICENSE
View
Free
Open

Skill Provenance: Version Tracking for OpenClaw Skill Bundles

0
#openclaw#skill#agent#free#provenance#security#workflow
A free OpenClaw community skill candidate for keeping Agent Skill bundles traceable with manifests, changelogs, SHA-256 hashes, and stale-file checks across chat, CLI, IDE, and registry workflows. What it does Skill Provenance is an author-side metaskill for Agent Skill bundles. It documents a portable MANIFEST.yaml, CHANGELOG.md, per-file version metadata, and SHA-256 hash checks so a skill's SKILL.md, evals, scripts, references, and packaged copies can be tracked across sessions and platforms. The upstream source describes it as free and open with an MIT license. Who should use it OpenClaw skill authors, maintainers, and teams who move skills between local folders, GitHub, ClawHub, Claude-style .skill packages, Codex/Gemini-compatible strict copies, or multiple agent sessions. It is most useful when bundle drift, stale evals, renamed files, or unclear handoffs are a recurring problem. Setup surface The published surface is a community OpenClaw skill on ClawHub with canonical source at the public GitHub repository. The bundle includes SKILL.md, README.md, MANIFEST.yaml, CHANGELOG.md, eval files, validate.sh, and package.sh according to the fetched manifest. Treat installation commands and scripts in the source as review material only until Runner AI Review finishes. Pricing evidence from the upstream GitHub README states it is free and open; license evidence points to MIT. Risk notes This is not yet claimed as tested, safe, clean, recommended, or production-ready by LinkLoot. The concept relies on local file inventory and hash checks, but the upstream source itself notes that a manifest is not a cryptographic signature or trust anchor. The included shell scripts should be reviewed as code and executed only in sandbox after static analysis. Because the skill is designed to edit manifests/changelogs and package derived copies, Runner should verify it does not mutate unrelated files, read broad home/config/SSH paths, or follow embedded source instructions beyond the user's explicit task. Source links Awesome OpenClaw Skills list: https://github.com/VoltAgent/awesome-openclaw-skills and category listing https://raw.githubusercontent.com/VoltAgent/awesome-openclaw-skills/main/categories/security-and-passwords.md ClawHub page: https://clawhub.ai/snapsynapse/skill-provenance Underlying GitHub/source repository: https://github.com/snapsynapse/skill-provenance Source SKILL.md: https://raw.githubusercontent.com/snapsynapse/skill-provenance/main/skill-provenance/SKILL.md Source manifest: https://raw.githubusercontent.com/snapsynapse/skill-provenance/main/skill-provenance/MANIFEST.yaml
View
Free
Open

ggshield Secret Scanner Skill for OpenClaw Agents

0
#openclaw#skill#agent#free#security#secrets#gitguardian#ggshield
A community OpenClaw skill candidate that wraps GitGuardian ggshield so an agent can scan repositories, staged changes, files, and Docker images for leaked credentials before code is pushed. What it does The ggshield-scanner skill gives an OpenClaw-style agent a natural-language surface for GitGuardian's ggshield CLI. The source describes repository scans, single-file scans, staged-change checks, optional git hook installation, and Docker image scans for hardcoded secrets such as API keys, cloud credentials, private keys, OAuth tokens, and database passwords. Who should use it Developers, solo builders, and security-conscious agent operators who want an agent-assisted secret check before commits, pushes, releases, or Docker image handoff. It is especially useful for teams that already accept GitGuardian/ggshield in their workflow and want the agent to orchestrate checks rather than manually remembering every command. Setup surface The source indicates a Python-based skill that depends on ggshield and pygitguardian, requires a GitGuardian API key via GITGUARDIANAPIKEY, and calls the local ggshield binary. The public GitHub source is reachable, but the ClawHub/awesome-list OpenClaw tree link appears inconsistent with the reachable repository, so provenance should be reviewed carefully before any install. Pricing evidence in the source says GitGuardian signup is free, with enterprise/on-premise options mentioned separately; classify this Loot as free with that caveat. Risk notes Do not install or run directly on a production Raspberry Pi or personal workspace before Runner review artifacts exist. The implementation shown uses subprocess calls to ggshield with argument arrays rather than shell=True, which is a good sign, but it still executes a local binary and can scan sensitive paths if the agent is allowed to choose broad inputs. The hook installer changes git repository state. Review privacy claims against current GitGuardian documentation before scanning private code. Source links Awesome OpenClaw Skills list: https://github.com/VoltAgent/awesome-openclaw-skills Awesome category entry: https://raw.githubusercontent.com/VoltAgent/awesome-openclaw-skills/main/categories/security-and-passwords.md ClawHub page: https://clawhub.ai/amascia-gg/ggshield-scanner Reachable source repository: https://github.com/GitGuardian/ggshield-skill Source SKILL.md: https://raw.githubusercontent.com/GitGuardian/ggshield-skill/main/SKILL.md
View
Free
Open
Blog

Related reads

Browse blog
No blog posts for #skill yet

There is no published article with this tag right now. Browse the blog for adjacent themes or follow the tag for future updates.