Awesome OpenClaw Skills — agentic threat model
Awesome OpenClaw Skills is a static curated directory rather than an active agentic runtime, meaning its direct agentic execution risk is negligible; however, it presents a significant supply chain risk as a hub for third-party integrations.
OWASP AIVSS score rationale
| Autonomy of Action | 0.00 | |
| Goal-Driven Planning | 0.00 | |
| Self-Modification | 0.00 | |
| Dynamic Tool Use | 0.00 | |
| Persistent Memory | 0.00 | |
| Contextual Awareness | 0.00 | |
| Dynamic Identity | 0.00 | |
| Multi-Agent Interactions | 0.00 | |
| Non-Determinism | 0.00 | |
| Opacity & Reflexivity | 0.00 | |
Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
MAESTRO 7-layer threat model
Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.
Foundation Models: Not certain from the listing — This resource is a curated directory of skills and does not host, run, or directly interface with foundation models.
Data Operations: Not certain from the listing — The repository contains markdown lists and metadata rather than active databases, vector stores, or RAG data pipelines.
Agent Frameworks: Not certain from the listing — While it catalogs skills designed for the OpenClaw framework, the repository itself does not execute orchestration or agent framework code.
Deployment and Infrastructure: Not certain from the listing — The directory is hosted on GitHub; there is no runtime infrastructure, execution environment, or sandboxing managed by this project.
Evaluation and Observability: Not certain from the listing — No monitoring, logging, or automated guardrails are described for verifying the runtime safety of the listed skills.
Security and Compliance: Not certain from the listing — There are no details regarding submission vetting, code signing, or compliance policies for the listed community skills.
Agent Ecosystem: As a central directory for the OpenClaw ecosystem, this repository is highly exposed to supply chain threats. Attackers could attempt to list malicious skills, redirect links to compromised repositories, or exploit trust in the curated list to distribute rogue integrations to downstream users.
MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).