SkillCompass OC Canary (Internal)

This mostly looks like a local skill-quality and usage-tracking plugin, but its registry metadata under-declares the Node/runtime setup and the bundle includes persistent hook code despite being presented as having no install mechanism.

Before installing, decide whether you are comfortable with a skill that can scan your installed skills, keep local usage history, and run OpenClaw hook/cron code. Nothing in the provided material shows unrelated credential collection or obvious exfiltration, but the registry metadata is incomplete: it does not declare the Node.js requirement or npm-based setup that the documentation and code imply. If you install it, review the plugin/hook files and package dependencies, and confirm whether any update-checking network calls are opt-in as claimed.