What it does
Marketplace Trust Gate is a buyer-side pre-install risk gate for OpenClaw marketplace and community skills. Before installing any third-party skill, point it at the local skill folder and get a scored recommendation with severity-ranked findings and secret values automatically redacted from evidence output.
It detects remote-installer-pipe patterns (curl|bash), subprocess execution, destructive commands, prompt-boundary overrides, and network-write patterns — without executing the inspected code. Stdlib-only, read-only, mutated_files: [].
Use cases
- Cautious buyers who want a safety verdict before installing community skills from ClawHub or GitHub.
- Operators running regular ClawHub installs who need a repeatable, evidence-backed pre-install gate.
- Teams standardising safe skill intake with a governance-friendly scored verdict and redacted evidence log.
What it detects
- Remote installer pipe patterns (
curl | bash,wget | sh) - Subprocess execution and shell=True patterns
- Destructive filesystem commands
- Prompt-boundary override instructions
- Network write and exfiltration patterns
- Secret-like content in skill files (redacted from output)
Example usage
python3 scripts/trust_gate.py --target /path/to/skill-folder --json
python3 scripts/trust_gate.py --self-test --json
Example output
{
"ok": true,
"recommendation": "INSTALL_OK",
"risk_score": 0,
"findings": [],
"files_scanned": 4,
"mutated_files": []
}
Requirements
- Python 3.10+ recommended; scripts use Python standard library only
- No API keys, model credentials, network access, or third-party packages required
- Local file access to the skill folder being inspected
QA and security
This skill has been reviewed and cleared for release through the GetAgentIQ release pipeline with Viper QA (4/4 scenarios PASS including secret redaction confirmation) and Warlock security sign-off (2026-05-29). Stdlib-only, read-only scanner — never executes inspected code, no network calls, no config or cron mutation, mutated_files: [].