Trusted install model
Start from packages that feel installable, not just popular.
This site is designed to reduce installation regret. We focus on workflow fit, transparent risk signals, and governance-ready package details instead of pretending every repo is equally safe.
Why this page matters now
After the OpenClaw boom, many users are jumping straight from curiosity to installation. This page exists to slow that jump down and make the first install decision more legible.
Workflow-first: packages should map to a job-to-be-done, not just a tag.
Explain trust: every trust score needs interpretable safety and freshness context.
Stay installable: show the command, prerequisites, and caveats before the click.
Review model
- • Heuristic scans flag scripts, network activity, privilege prompts, and broad allowed-tools patterns.
- • Trust scores combine popularity, recency, structure quality, and safety penalties — they are a starting point, not a promise.
- • Manual review matters most for featured bundles, enterprise-safe recommendations, and suspicious repos.
Install transparency
- • Every package page should answer: what installs, how it installs, and what extra setup is still required.
- • Playbooks should show the workflow outcome, verification steps, and the role each package plays in the bundle.
- • If a repo is only auto-indexed, say so clearly instead of implying full verification.
Team and enterprise direction
- • Teams need approved workflow bundles, not an infinite public marketplace.
- • Governance means documenting policy fit, install requirements, and trust caveats before rollout.
- • Private catalogs, approval states, and verified install records are credible next steps once demand is proven.