TrustLoop Pluginv0.1.1

The code and SKILL.md implement a workspace-local managed-skill lifecycle (create/merge/review/publish/rollback) and the plugin registers a single tool 'skill_manage_managed' that implements that surface. The files, templates, and policies align with the described purpose of a TrustLoop-managed skill evolver.

Runtime instructions and the tool implementation restrict operations to the current workspace (./skills/, ./.skill-evolver/) and explicitly forbid modifying skills outside learned-* or touching sensitive paths. The SKILL.md and reference docs repeatedly instruct workspace-local behavior; the code appears to use filesystem APIs only (no network or shell calls visible).

There is no external download/install spec; the package includes only Node source and one dependency (@sinclair/typebox). No URLs, archive extraction, or third‑party install steps are present in the manifest, which lowers install-time risk.

The skill requests no environment variables, credentials, or config paths. The code takes a workspace_root parameter and performs file operations there; no credential exfiltration or unrelated secret access is requested by the package.

The bundled managed skill's SKILL.md frontmatter declares openclaw.always: true (the skill-evolver says 'This skill is always on'), which grants forced inclusion in every agent run. Combined with a native tool that can write/publish/rollback skills in the workspace and the platform-default ability for the model to invoke skills autonomously, this raises the blast radius if misconfigured or if path validation is incomplete. The registry metadata at the top-level shows always: false for the plugin, creating a mismatch between package metadata and the internal skill frontmatter that should be reconciled. Review the code paths that resolve and validate workspace_root and file paths before trusting the always-on behavior.