Trust and Safety

This catalog is curated and versioned. Every merge runs compatibility, safety, and packaging checks before artifacts are published.

Hard bans (CI fails)

  • Obfuscated or base64 shell execution instructions.
  • Piped installers like curl | bash or wget | sh.
  • Directions to disable security protections.
  • Runtime fetching of hidden remote instructions.
  • Any token, credential, or key exfiltration language.

Quality controls

Frontmatter validator

Enforces cross-agent compatible name and description constraints.

Cross-platform lint

Ensures single-line frontmatter and required deterministic skill sections.

Pack builder

Builds per-skill and per-pack ZIP artifacts for OpenClaw, Claude Code, and Codex.

Integrity

Release outputs include checksums.txt plus transparent CI build logs.