Audit Report February 5, 2026

10 New Skills Audited: From SDLC Mastery to VM Control

Our latest audit batch covers everything from development methodology to infrastructure management. One skill scored a perfect 9.0/10. Another poses significant risk.

Every week, we audit OpenClaw skills and publish our findings. This batch of 10 skills covers a wide spectrum: productivity tools, infrastructure automation, messaging utilities, and even a baby tracker.

The Standouts

πŸ†

sdlc-skill

Software Development Lifecycle methodology

9.0
🟢 Low Risk

A documentation-only methodology skill that enforces disciplined software development practices. No network access. No file system writes. Just pure process guidance for Agile workflows.

What impressed us:

  • ✓ Zero external dependencies
  • ✓ No credential handling
  • ✓ Read-only methodology enforcement
  • ✓ Clear, documented processes

🔔

clawd-notify-skill

Cross-session messaging

8.0
🟢 Low Risk

Simple cross-session messaging for OpenClaw. It does one thing well: notify other sessions. The attack surface is minimal because the functionality is intentionally constrained. No external APIs, no credential storage.

⏰

lobster-jobs

Cron-to-workflow converter

7.0
🟡 Medium Risk

This is clever: it transforms OpenClaw cron jobs into Lobster workflows with approval gates. The medium risk rating comes from its ability to execute jobs, but the approval mechanism adds a valuable safety layer. This is how you build automation with guardrails.

The Infrastructure Stack

Three skills target DevOps workflows, each with medium risk ratings that reflect their power.

☁️ 6.0

vercel-skill

Vercel deployments

CLI wrapper for Vercel. Risk comes from its deployment capabilities: this skill can push code to production.

📦 6.5

supabase-skill

Database management

Handles Supabase credentials and can execute SQL. Read-only defaults help security.

📧 6.5

ansible-skill

Infrastructure automation

Multi-body Yjs coordination. Powerful when needed, dangerous if misconfigured.

The High-Risk Outlier

⚠️

kvm-manager-skill

KVM/libvirt VM management

4.0
🔴 High Risk

This skill provides comprehensive KVM/libvirt virtual machine management: start, stop, create, and delete VMs. It requires sudo access.

The risk is straightforward: full VM lifecycle control means a compromised agent could destroy infrastructure. The 4.0/10 score reflects this power combined with the lack of additional safety mechanisms.

✓ When to use it

Homelabs, development environments, non-production infrastructure

✗ When to avoid it

Production systems, shared hosting, anywhere VM destruction would be catastrophic

The Productivity Suite

Email and cloud storage integrations with medium risk profiles.

📤

email-send-skill

6.5

SMTP integration via nodemailer. The risk here is credential storage: SMTP passwords need to be handled carefully, so proper environment variable isolation is essential.

📂

dropbox-skill

6.5

OAuth-based Dropbox integration with automatic token refresh. The medium risk comes from cloud storage access and the OAuth flow complexity.

The Curveball

👶

huckleberry-skill

Baby tracker

6.0
🟡 Medium Risk

A baby tracker that uses reverse-engineered API access to Huckleberry's service. We're not kidding: this exists, and it's surprisingly well-built. The risk comes from the unofficial API usage and credential handling, but the functionality is focused and well-scoped.

Score Distribution

Score   Risk Level   Skills
9.0     🟢 Low       sdlc-skill
8.0     🟢 Low       clawd-notify-skill
7.0     🟡 Medium    lobster-jobs
6.5     🟡 Medium    email-send-skill, supabase-skill, ansible-skill, dropbox-skill
6.0     🟡 Medium    vercel-skill, huckleberry-skill
4.0     🔴 High      kvm-manager-skill

Key Takeaways

Documentation-only skills are the gold standard

The sdlc-skill proves that powerful functionality doesn't require risky permissions. When a skill can do its job without network access or credential handling, it should.

Approval gates matter

The lobster-jobs skill demonstrates how to add safety to powerful automation. If your skill can execute actions, consider adding human checkpoints.

Sudo requirements need scrutiny

The kvm-manager-skill is well-built, but its sudo requirement makes it inherently high-risk. Users should understand exactly what they're granting before installing.

Full Audit Reports

Every skill audited has a detailed report available:

Browse all 85+ verified skills at secureskills.io/skills