Skills Governance

Skills Stewardship Dashboard

Track freshness, risk, systems access, and token contracts across your local skill ecosystem.

Inventory generated: 2026-02-26T04:46:15.526589Z | Dashboard rendered: 2026-02-26 04:46 UTC

Total Skills
19
Critical Risk
0
High Risk
0
Stale >= 90d
0
Skills Requiring Tokens
13

Skill Inventory

Compact view by default. Open row details for full governance data.
Skill Source Install Footprint Risk Freshness Systems Access Required Tokens Validation Details
todoist
shared-first-party
/Users/wade/Development/shared-skills/todoist-ai		 shared-first-party 3 install(s) MEDIUM 38
requires_secrets, mutation_surface, validation_fail		 2026-02-22T17:16:46.531948Z
3d stale		 Local shell/CLI execution, Todoist API 1 token(s)
Todoist		 fail
Show details

Install Locations

  • codex symlink
    /Users/wade/.codex/skills/todoist-ai
  • openclaw symlink
    /Users/wade/.openclaw/skills/todoist-ai
  • shared
    /Users/wade/Development/shared-skills/todoist-ai

Systems Access

  • Local shell/CLI execution (scripts/:present)
  • Todoist API (keyword:todoist)

Required Tokens

  • TODOIST_API_TOKEN (access_token, Todoist)

Validation

fail
Unexpected key(s) in SKILL.md frontmatter: user-invocable. Allowed properties are: allowed-tools, description, license, metadata, name

Improvement Candidates

  • Add an explicit guardrails section with non-negotiable safety constraints.
  • Add a dry-run-by-default flow with explicit apply confirmation.
  • Declare required env vars in frontmatter metadata to make secret contracts machine-readable.

Top Web Signal

None
find-skills
external-linked
/Users/wade/.agents/skills/find-skills		 external-linked 2 install(s) MEDIUM 30
untrusted_or_unknown_source, mutation_surface		 2026-02-24T23:22:09.491054Z
1d stale		 Browser/Web Automation, GitHub API None pass
Show details

Install Locations

  • codex symlink
    /Users/wade/.codex/skills/find-skills
  • openclaw symlink
    /Users/wade/.openclaw/skills/find-skills

Systems Access

  • Browser/Web Automation (keyword:playwright)
  • GitHub API (keyword:github)

Required Tokens

None

Validation

pass
Skill is valid!

Improvement Candidates

  • Add an explicit guardrails section with non-negotiable safety constraints.
  • Add a dry-run-by-default flow with explicit apply confirmation.
  • Add authoritative references for operational and security decisions.

Top Web Signal

None
web-design-guidelines
external-linked
/Users/wade/.agents/skills/web-design-guidelines		 external-linked 1 install(s) MEDIUM 30
untrusted_or_unknown_source, mutation_surface		 2026-02-26T00:30:27.533458Z
0d stale		 GitHub API None pass
Show details

Install Locations

  • openclaw symlink
    /Users/wade/.openclaw/skills/web-design-guidelines

Systems Access

  • GitHub API (keyword:github)

Required Tokens

None

Validation

pass
Skill is valid!

Improvement Candidates

  • Add an explicit guardrails section with non-negotiable safety constraints.
  • Add a dry-run-by-default flow with explicit apply confirmation.
  • Add authoritative references for operational and security decisions.

Top Web Signal

Sfedfcv/redesigned-pancake
github
cloudflare-deploy
local-codex
/Users/wade/.codex/skills/cloudflare-deploy		 local-codex 2 install(s) LOW 25
requires_secrets, mutation_surface		 2026-02-26T04:34:02.790180Z
0d stale		 1Password Vault/API, Anthropic API, +8 more 37 token(s)
Anthropic, GitHub, +3		 pass
Show details

Install Locations

  • codex
    /Users/wade/.codex/skills/cloudflare-deploy
  • openclaw symlink
    /Users/wade/.openclaw/skills/cloudflare-deploy

Systems Access

  • 1Password Vault/API (keyword:op )
  • Anthropic API (token:ANTHROPIC_API_KEY)
  • Browser/Web Automation (keyword:playwright)
  • Desktop Screenshot Access (keyword:screenshot)
  • GitHub API (keyword:github)
  • Linear API (keyword:linear)
  • OpenAI API (token:OPENAI_API_KEY)
  • Slack Workspace/API (keyword:slack)
  • Stripe API (keyword:stripe)
  • iMessage (macOS Messages) (keyword:messages)

Required Tokens

  • AI_SEARCH_TOKEN (access_token, Unknown)
  • ANTHROPIC_API_KEY (api_key, Anthropic)
  • API_KEY (api_key, Unknown)
  • API_TOKEN (access_token, Unknown)
  • CALLS_APP_SECRET (shared_secret, Unknown)
  • CF_API_TOKEN (access_token, Unknown)
  • CF_TOKEN (access_token, Unknown)
  • CLOUDFLARE_API_KEY (api_key, Unknown)
  • CLOUDFLARE_API_TOKEN (access_token, Unknown)
  • COMPLETION_TOKEN (access_token, Unknown)
  • DB_PASSWORD (password, Unknown)
  • GITHUB_CLIENT_ID (oauth_client_id, GitHub)
  • GITHUB_CLIENT_SECRET (oauth_client_secret, GitHub)
  • GITHUB_TOKEN (access_token, GitHub)
  • GIT_TOKEN (access_token, Unknown)
  • HMAC_SECRET (shared_secret, Unknown)
  • JWT_SECRET (shared_secret, Unknown)
  • MY_SECRET (shared_secret, Unknown)
  • NEXT_PUBLIC_CF_ANALYTICS_TOKEN (access_token, Unknown)
  • OPENAI_API_KEY (api_key, OpenAI)
  • OPENAI_KEY (api_key, OpenAI)
  • R2_TOKEN (access_token, Unknown)
  • SECRET (shared_secret, Unknown)
  • SECRET_KEY (api_key, Unknown)
  • STRIPE_API_KEY (api_key, Stripe)
  • STRIPE_KEY (api_key, Stripe)
  • TOKEN (credential, Unknown)
  • TUNNEL_TOKEN (access_token, Unknown)
  • TURNSTILE_SECRET (shared_secret, Unknown)
  • TURN_KEY_SECRET (shared_secret, Unknown)
  • TURN_SERVICE_TOKEN (access_token, Unknown)
  • WEBHOOK_SECRET (webhook_secret, Unknown)
  • WORKER_SECRET (shared_secret, Unknown)
  • WRANGLER_R2_SQL_AUTH_TOKEN (access_token, Unknown)
  • YOUR_API_TOKEN (access_token, Unknown)
  • YOUR_CATALOG_TOKEN (access_token, Unknown)
  • YOUR_TOKEN (access_token, Unknown)

Validation

pass
Skill is valid!

Improvement Candidates

  • Declare required env vars in frontmatter metadata to make secret contracts machine-readable.

Top Web Signal

None
render-deploy
local-codex
/Users/wade/.codex/skills/render-deploy		 local-codex 1 install(s) LOW 25
requires_secrets, mutation_surface		 2026-02-26T04:40:10.377132Z
0d stale		 1Password Vault/API, Browser/Web Automation, +3 more 8 token(s)
Stripe, Unknown		 pass
Show details

Install Locations

  • codex
    /Users/wade/.codex/skills/render-deploy

Systems Access

  • 1Password Vault/API (keyword:op )
  • Browser/Web Automation (keyword:browser)
  • GitHub API (keyword:github)
  • Stripe API (keyword:stripe)
  • iMessage (macOS Messages) (keyword:messages)

Required Tokens

  • API_KEY (api_key, Unknown)
  • JWT_SECRET (shared_secret, Unknown)
  • NEXTAUTH_SECRET (shared_secret, Unknown)
  • RENDER_API_KEY (api_key, Unknown)
  • SECRET_KEY (api_key, Unknown)
  • SESSION_SECRET (shared_secret, Unknown)
  • STRIPE_SECRET_KEY (api_key, Stripe)
  • YOUR_API_KEY (api_key, Unknown)

Validation

pass
Skill is valid!

Improvement Candidates

  • Add a dry-run-by-default flow with explicit apply confirmation.
  • Declare required env vars in frontmatter metadata to make secret contracts machine-readable.

Top Web Signal

None
security-best-practices
local-codex
/Users/wade/.codex/skills/security-best-practices		 local-codex 1 install(s) LOW 25
requires_secrets, mutation_surface		 2026-02-23T18:30:36.270743Z
2d stale		 1Password Vault/API, Browser/Web Automation, +3 more 9 token(s)
Unknown		 pass
Show details

Install Locations

  • codex
    /Users/wade/.codex/skills/security-best-practices

Systems Access

  • 1Password Vault/API (keyword:op )
  • Browser/Web Automation (keyword:browser)
  • GitHub API (keyword:github)
  • Google Workspace Admin API (keyword:admin sdk)
  • iMessage (macOS Messages) (keyword:messages)

Required Tokens

  • API_KEY (api_key, Unknown)
  • NEXT_PUBLIC_API_KEY (api_key, Unknown)
  • NEXT_PUBLIC_SECRET (shared_secret, Unknown)
  • PASSWORD (password, Unknown)
  • PRIVATE_KEY (api_key, Unknown)
  • SECRET (shared_secret, Unknown)
  • SECRET_KEY (api_key, Unknown)
  • TOKEN (credential, Unknown)
  • VITE_API_KEY (api_key, Unknown)

Validation

pass
Skill is valid!

Improvement Candidates

  • Add a dry-run-by-default flow with explicit apply confirmation.
  • Declare required env vars in frontmatter metadata to make secret contracts machine-readable.

Top Web Signal

Secure-D/wastc
github
openclaw-1password
shared-first-party
/Users/wade/Development/shared-skills/openclaw-1password		 shared-first-party 3 install(s) LOW 16
requires_secrets, mutation_surface		 2026-02-26T04:21:51.248860Z
0d stale		 1Password Vault/API, Local shell/CLI execution 2 token(s)
1Password, Unknown		 pass
Show details

Install Locations

  • codex symlink
    /Users/wade/.codex/skills/openclaw-1password
  • openclaw symlink
    /Users/wade/.openclaw/skills/openclaw-1password
  • shared
    /Users/wade/Development/shared-skills/openclaw-1password

Systems Access

  • 1Password Vault/API (keyword:1password)
  • Local shell/CLI execution (scripts/:present)

Required Tokens

  • MY_SECRET (shared_secret, Unknown)
  • OP_SERVICE_ACCOUNT_TOKEN (access_token, 1Password)

Validation

pass
Skill is valid!

Improvement Candidates

  • Add a dry-run-by-default flow with explicit apply confirmation.
  • Declare required env vars in frontmatter metadata to make secret contracts machine-readable.

Top Web Signal

None
customerio-onboarding
local-codex
/Users/wade/.codex/skills/customerio-onboarding		 local-codex 1 install(s) LOW 13
requires_secrets, mutation_surface		 2026-02-23T18:24:00.210819Z
2d stale		 Customer.io API, Local shell/CLI execution, +1 more 1 token(s)
Unknown		 pass
Show details

Install Locations

  • codex
    /Users/wade/.codex/skills/customerio-onboarding

Systems Access

  • Customer.io API (keyword:customer.io)
  • Local shell/CLI execution (scripts/:present)
  • iMessage (macOS Messages) (keyword:messages)

Required Tokens

  • CIO_API_KEY (api_key, Unknown)

Validation

pass
Skill is valid!

Improvement Candidates

  • Declare required env vars in frontmatter metadata to make secret contracts machine-readable.

Top Web Signal

None
customerio-onboarding
local-openclaw
/Users/wade/.openclaw/skills/customerio-onboarding		 local-openclaw 1 install(s) LOW 13
requires_secrets, mutation_surface		 2026-02-23T18:24:00.214950Z
2d stale		 Customer.io API, Local shell/CLI execution, +1 more 1 token(s)
Unknown		 pass
Show details

Install Locations

  • openclaw
    /Users/wade/.openclaw/skills/customerio-onboarding

Systems Access

  • Customer.io API (keyword:customer.io)
  • Local shell/CLI execution (scripts/:present)
  • iMessage (macOS Messages) (keyword:messages)

Required Tokens

  • CIO_API_KEY (api_key, Unknown)

Validation

pass
Skill is valid!

Improvement Candidates

  • Declare required env vars in frontmatter metadata to make secret contracts machine-readable.

Top Web Signal

None
google-admin-incident
local-codex
/Users/wade/.codex/skills/google-admin-incident		 local-codex 1 install(s) LOW 13
requires_secrets, mutation_surface		 2026-02-25T19:25:17.070975Z
0d stale		 1Password Vault/API, Google Workspace Admin API, +1 more 1 token(s)
Google		 pass
Show details

Install Locations

  • codex
    /Users/wade/.codex/skills/google-admin-incident

Systems Access

  • 1Password Vault/API (keyword:op )
  • Google Workspace Admin API (keyword:google admin)
  • Local shell/CLI execution (scripts/:present)

Required Tokens

  • GOOGLE_OAUTH_ACCESS_TOKEN (access_token, Google)

Validation

pass
Skill is valid!

Improvement Candidates

  • Add a dry-run-by-default flow with explicit apply confirmation.
  • Declare required env vars in frontmatter metadata to make secret contracts machine-readable.

Top Web Signal

Show HN: Tako AI – Agent for Okta With Natural language (zero hallucination)
hackernews
google-admin-incident
local-openclaw
/Users/wade/.openclaw/skills/google-admin-incident		 local-openclaw 1 install(s) LOW 13
requires_secrets, mutation_surface		 2026-02-25T19:25:17.080035Z
0d stale		 1Password Vault/API, Google Workspace Admin API, +1 more 1 token(s)
Google		 pass
Show details

Install Locations

  • openclaw
    /Users/wade/.openclaw/skills/google-admin-incident

Systems Access

  • 1Password Vault/API (keyword:op )
  • Google Workspace Admin API (keyword:google admin)
  • Local shell/CLI execution (scripts/:present)

Required Tokens

  • GOOGLE_OAUTH_ACCESS_TOKEN (access_token, Google)

Validation

pass
Skill is valid!

Improvement Candidates

  • Add a dry-run-by-default flow with explicit apply confirmation.
  • Declare required env vars in frontmatter metadata to make secret contracts machine-readable.

Top Web Signal

Show HN: Tako AI – Agent for Okta With Natural language (zero hallucination)
hackernews
release-video-capture
shared-first-party
/Users/wade/Development/shared-skills/release-video-capture		 shared-first-party 3 install(s) LOW 13
requires_secrets, mutation_surface		 2026-02-23T22:18:18Z
2d stale		 1Password Vault/API, Browser/Web Automation, +3 more 1 token(s)
Unknown		 pass
Show details

Install Locations

  • codex symlink
    /Users/wade/.codex/skills/release-video-capture
  • openclaw symlink
    /Users/wade/.openclaw/skills/release-video-capture
  • shared
    /Users/wade/Development/shared-skills/release-video-capture

Systems Access

  • 1Password Vault/API (keyword:op-)
  • Browser/Web Automation (keyword:playwright)
  • Desktop Screenshot Access (keyword:screenshot)
  • GitHub API (keyword:github)
  • Local shell/CLI execution (scripts/:present)

Required Tokens

  • RELEASE_VIDEO_TEST_PASSWORD (password, Unknown)

Validation

pass
Skill is valid!

Improvement Candidates

  • Add a dry-run-by-default flow with explicit apply confirmation.
  • Declare required env vars in frontmatter metadata to make secret contracts machine-readable.

Top Web Signal

None
vimeo
local-codex
/Users/wade/.codex/skills/vimeo		 local-codex 1 install(s) LOW 13
requires_secrets, mutation_surface		 2026-02-22T18:24:24.682582Z
3d stale		 Vimeo API 1 token(s)
Vimeo		 pass
Show details

Install Locations

  • codex
    /Users/wade/.codex/skills/vimeo

Systems Access

  • Vimeo API (keyword:vimeo)

Required Tokens

  • VIMEO_ACCESS_TOKEN (access_token, Vimeo)

Validation

pass
Skill is valid!

Improvement Candidates

  • Declare required env vars in frontmatter metadata to make secret contracts machine-readable.
  • Add authoritative references for operational and security decisions.

Top Web Signal

None
vimeo
local-openclaw
/Users/wade/.openclaw/skills/vimeo		 local-openclaw 1 install(s) LOW 13
requires_secrets, mutation_surface		 2026-02-22T18:36:51.133927Z
3d stale		 Vimeo API 1 token(s)
Vimeo		 pass
Show details

Install Locations

  • openclaw
    /Users/wade/.openclaw/skills/vimeo

Systems Access

  • Vimeo API (keyword:vimeo)

Required Tokens

  • VIMEO_ACCESS_TOKEN (access_token, Vimeo)

Validation

pass
Skill is valid!

Improvement Candidates

  • Declare required env vars in frontmatter metadata to make secret contracts machine-readable.
  • Add authoritative references for operational and security decisions.

Top Web Signal

None
linear
local-codex
/Users/wade/.codex/skills/linear		 local-codex 1 install(s) LOW 10
mutation_surface		 2026-02-13T00:53:13.473747Z
13d stale		 1Password Vault/API, Browser/Web Automation, +1 more None pass
Show details

Install Locations

  • codex
    /Users/wade/.codex/skills/linear

Systems Access

  • 1Password Vault/API (keyword:op )
  • Browser/Web Automation (keyword:browser)
  • Linear API (keyword:linear)

Required Tokens

None

Validation

pass
Skill is valid!

Improvement Candidates

  • Add an explicit guardrails section with non-negotiable safety constraints.
  • Add a dry-run-by-default flow with explicit apply confirmation.
  • Add authoritative references for operational and security decisions.

Top Web Signal

None
openclaw-imessage
local-codex
/Users/wade/.codex/skills/openclaw-imessage		 local-codex 1 install(s) LOW 10
mutation_surface		 2026-02-22T17:46:47.671709Z
3d stale		 Local shell/CLI execution, iMessage (macOS Messages) None pass
Show details

Install Locations

  • codex
    /Users/wade/.codex/skills/openclaw-imessage

Systems Access

  • Local shell/CLI execution (scripts/:present)
  • iMessage (macOS Messages) (keyword:imessage)

Required Tokens

None

Validation

pass
Skill is valid!

Improvement Candidates

  • Add an explicit guardrails section with non-negotiable safety constraints.
  • Add a dry-run-by-default flow with explicit apply confirmation.

Top Web Signal

None
playwright
local-codex
/Users/wade/.codex/skills/playwright		 local-codex 1 install(s) LOW 10
mutation_surface		 2026-02-13T00:52:59.304883Z
13d stale		 1Password Vault/API, Browser/Web Automation, +3 more None pass
Show details

Install Locations

  • codex
    /Users/wade/.codex/skills/playwright

Systems Access

  • 1Password Vault/API (keyword:op-)
  • Browser/Web Automation (keyword:playwright)
  • Desktop Screenshot Access (keyword:screenshot)
  • Local shell/CLI execution (scripts/:present)
  • iMessage (macOS Messages) (keyword:messages)

Required Tokens

None

Validation

pass
Skill is valid!

Improvement Candidates

  • Add a dry-run-by-default flow with explicit apply confirmation.

Top Web Signal

None
screenshot
local-codex
/Users/wade/.codex/skills/screenshot		 local-codex 1 install(s) LOW 10
mutation_surface		 2026-02-13T00:53:06.449685Z
13d stale		 1Password Vault/API, Browser/Web Automation, +2 more None pass
Show details

Install Locations

  • codex
    /Users/wade/.codex/skills/screenshot

Systems Access

  • 1Password Vault/API (keyword:op )
  • Browser/Web Automation (keyword:playwright)
  • Desktop Screenshot Access (keyword:screenshot)
  • Local shell/CLI execution (scripts/:present)

Required Tokens

None

Validation

pass
Skill is valid!

Improvement Candidates

  • Add an explicit guardrails section with non-negotiable safety constraints.
  • Add a dry-run-by-default flow with explicit apply confirmation.
  • Add authoritative references for operational and security decisions.

Top Web Signal

None
cloudflare-pages-deploy
shared-first-party
/Users/wade/Development/shared-skills/cloudflare-pages-deploy		 shared-first-party 3 install(s) LOW 3
requires_secrets		 2026-02-26T04:32:54.764579Z
0d stale		 1Password Vault/API, GitHub API, +1 more 1 token(s)
1Password		 pass
Show details

Install Locations

  • codex symlink
    /Users/wade/.codex/skills/cloudflare-pages-deploy
  • openclaw symlink
    /Users/wade/.openclaw/skills/cloudflare-pages-deploy
  • shared
    /Users/wade/Development/shared-skills/cloudflare-pages-deploy

Systems Access

  • 1Password Vault/API (keyword:1password)
  • GitHub API (keyword:github)
  • Local shell/CLI execution (scripts/:present)

Required Tokens

  • OP_SERVICE_ACCOUNT_TOKEN (access_token, 1Password)

Validation

pass
Skill is valid!

Improvement Candidates

  • Declare required env vars in frontmatter metadata to make secret contracts machine-readable.

Top Web Signal

None