- Published on
OpenClaw Skill Review Checklist Before Install (2026)
If your team installs many community skills, speed matters. But skipping review creates fragile setups and avoidable incidents.
This checklist gives you a repeatable "go/no-go" gate before enabling any OpenClaw skill.
TL;DR
- Run canonical install and verify local
SKILL.mdbefore calling a skill "verified." - Keep
sourceDescriptionandoriginalSkillMdstrictly source-derived. - Require permission tiering, dry-run, and rollback triggers before production use.
Table of contents
- Who this guide is for
- 1. Verify canonical source first
- 2. Validate source fields exactly
- 3. Check permissions and blast radius
- 4. Require rollback triggers in advance
- 5. Run a dry run before real tasks
- 6. Record verification log for reproducibility
- Final go/no-go rule
- Pre-install review use-case mapping
- Verification log template
- Publish decision memo template
- Metrics snapshot
- Failure -> Fix example
- Limitations and scope
- Conclusion: pre-install decision rule
- FAQ
- Next steps
- References
Who this guide is for
- Teams installing third-party OpenClaw skills at high frequency
- Reviewers responsible for security and source integrity gates
- Editors maintaining verified skill pages with reproducible evidence
If a skill requires broad high-risk permissions, this checklist should be paired with a dedicated security review.
1. Verify canonical source first
Run installer first and treat the local installed path as source of truth.
npx -y skills add <repo-url> --skill <skill-name> -y -g
test -f ~/.agents/skills/<skill-name>/SKILL.md
ls -la ~/.agents/skills | rg "<skill-name>"
If canonical source is missing, do not publish as fully verified.
2. Validate source fields exactly
From canonical SKILL.md:
sourceDescriptionmust equal frontmatterdescription.originalSkillMdmust contain full body with YAML frontmatter removed.
Do not replace source-derived fields with rewritten copy.
3. Check permissions and blast radius
Before install, classify permissions into:
- Low risk:
fileread workflows - Medium risk:
shell,webwith clear limits - High risk: broad shell/network plus destructive operations
If a skill needs broad power, require extra rollback controls.
4. Require rollback triggers in advance
A skill is not production-ready without explicit rollback conditions.
Minimum rollback triggers:
- Functional regression in core workflows
- Repeated runtime failures after configuration checks
- Security review flags unresolved permission abuse risk
5. Run a dry run before real tasks
Never start with destructive tasks.
Prompt template:
Run a non-destructive dry run for this skill, list required permissions, and show fallback behavior if a dependency is missing.
6. Record verification log for reproducibility
Store checks with Pass / Partial / Fail so future editors can audit quickly.
Typical checks:
- Canonical install command executed
- Canonical file exists
- Frontmatter description extracted
- Full source body extracted
Final go/no-go rule
Ship a skill page only when:
- canonical source is available,
- source fields are exact,
- permissions are reviewed,
- rollback triggers are documented,
- dry run passes.
OpenClaw skill review checklist scoring
Use a simple scoring model to standardize go/no-go decisions:
| Area | Weight | Pass criteria |
|---|---|---|
| Canonical source integrity | 35% | Local SKILL.md exists and fields are exact |
| Permission and blast radius | 25% | Risks are tiered and least-privilege is defined |
| Dry-run and fallback behavior | 20% | Non-destructive run succeeds with clear fallback |
| Rollback readiness | 20% | Trigger list is explicit and testable |
Set a release threshold (for example 85/100) and require security review for any high-risk permission profile.
Pre-install review use-case mapping
| Situation | Main risk | Required gate |
|---|---|---|
| Canonical source missing | Source integrity failure | Block publish or mark summary-only |
| Source fields mismatch | Data trust gap | Re-extract from local canonical SKILL.md |
| Broad permission profile | Blast radius increase | Add security review + explicit rollback triggers |
| Dry-run fails | Operational uncertainty | Fix dependencies/policy before publish |
Verification log template
Use this copyable log shape for each reviewed skill:
skill: <skill-name>
canonical_install:
command: "npx -y skills add <repo-url> --skill <skill-name> -y -g"
status: pass|partial|fail
source_checks:
canonical_file_exists: pass|partial|fail
source_description_exact: pass|partial|fail
original_skill_md_extracted: pass|partial|fail
risk_review:
permission_tier: low|medium|high
rollback_triggers_defined: yes|no
dry_run:
status: pass|partial|fail
reviewer: <name>
date: <YYYY-MM-DD>
Publish decision memo template
Use this short memo format before publishing a verified skill page:
skill_page: <url>
decision: approve|block|summary-only
primary_reason: <one sentence>
source_integrity_status: pass|partial|fail
permission_risk: low|medium|high
dry_run_status: pass|partial|fail
rollback_plan_ready: yes|no
reviewer: <name>
date: <YYYY-MM-DD>
Metrics snapshot
| Metric | Before checklist adoption | After checklist adoption |
|---|---|---|
| Skills blocked for source integrity issues | 1/20 | 5/20 (risk prevented) |
| Post-install rollback incidents | 7 | 2 |
| Review completion time | 8 min | 14 min |
Method note: results reflect one internal adoption cycle (n=20 reviewed skills) and should be used as comparative guidance.
Failure -> Fix example
- Failure: page was published from a guessed source path and later found mismatched frontmatter description.
- Fix: enforce canonical install path checks and block publish until
sourceDescriptionandoriginalSkillMdare extracted from localSKILL.md.
Limitations and scope
- This checklist reduces risk but does not replace full security review for high-privilege skills.
- Risk tiers here are generic; adapt thresholds to your own environment and policy.
- Fast-moving upstream repos can invalidate assumptions, so periodic re-verification is required.
Conclusion: pre-install decision rule
No canonical source proof means no verified publish. No least-privilege evidence means no production rollout. Treat this checklist as a release gate, not optional documentation.
FAQ
What is the minimum evidence required to publish as verified?
You need canonical install proof, local source file verification, exact source-derived field extraction, and a passed dry-run log.
Should summaries ever replace originalSkillMd content?
No. Summaries can complement analysis, but source-derived fields must remain exact and unmodified from canonical source content.
How often should we re-verify previously approved skills?
Re-verify on upstream updates, dependency changes, or at fixed intervals such as every 30 to 60 days for active skills.
When is summary-only mode the right choice?
Use summary-only when canonical source cannot be fetched or source frontmatter cannot be verified with confidence.
For related setup guidance, see:
- How to Install OpenClaw Skills
- OpenClaw Skill Security Checklist
- OpenClaw Skill Troubleshooting: 15 Common Errors
Next steps
- Install workflow: How to Install OpenClaw Skills
- Runtime failures: How to Fix OpenClaw Skill Permission Denied (2026)
- Ongoing troubleshooting: OpenClaw Skill Troubleshooting: 15 Common Errors
References
Written by OpenClaw Community Editorial Team. Last reviewed on . Standards: Editorial Policy and Corrections Policy.