grtninja/skill-openclaw-nullclaw-integration
skill-candidates/skill-openclaw-nullclaw-integration/SKILL.md
Reconcile OpenClaw and NullClaw upstream changes into router-aware MeshGPT, MX3 shim, and AvatarCore lanes with privacy-safe attribution, release-provenance gating, and deterministic test gates.
$ install --global
skillsauthnpx skillsauth add grtninja/skill-arbiter skill-openclaw-nullclaw-integrationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 2:42 PM29.1s3 files scanned
SKILL.md
- name:
- skill-openclaw-nullclaw-integration
- description:
- Reconcile OpenClaw and NullClaw upstream changes into router-aware MeshGPT, MX3 shim, and AvatarCore lanes with privacy-safe attribution, release-provenance gating, and deterministic test gates.
Skill OpenClaw NullClaw Integration
Use this skill for cross-repo integration work when OpenClaw/NullClaw changes need to land in local router/model/API routing behavior.
Workflow
- Pull third-party sources fast-forward only.
- Build a bounded change inventory focused on routing, providers, channels, agent orchestration surfaces, and security advisories.
- Verify release provenance state before trusting an upstream version bump:
- patched/advisory version line
- whether signed tags or artifact digests are actually verifiable
- whether local policy should block auto-apply pending provenance
- Map findings into local repository lanes:
- Repo A coordinator/runtime routing
- Repo B AvatarCore routing profiles
- MX3 shim model-router policy
- control-plane release gating / fail-closed policy
- Apply deterministic patches and run lane-specific tests.
- Refresh third-party attribution and intake evidence.
- Run
skill-auditor+skill-arbiter-lockdown-admissionbefore completion.
Canonical Commands
git -C <THIRD_PARTY_CLONES>/openclaw pull --ff-only
git -C <THIRD_PARTY_CLONES>/nullclaw pull --ff-only
python skill-candidates/skills-third-party-intake/scripts/third_party_skill_intake.py \
--source-root openclaw=<THIRD_PARTY_CLONES>/openclaw/skills \
--source-root openclaw-ext=<THIRD_PARTY_CLONES>/openclaw/extensions \
--source-root nullclaw=<THIRD_PARTY_CLONES>/nullclaw \
--json-out .tmp/third-party-intake-openclaw-nullclaw.json
Focused integration scan:
rg -n "router|routing|provider|channel|meshrelay|gateway|agent" <THIRD_PARTY_CLONES>/openclaw <THIRD_PARTY_CLONES>/nullclaw
Guardrails
- Never copy secrets, tokens, local usernames, or absolute personal paths from third-party docs.
- Keep imported instructions public-shape only and placeholder-safe.
- Prefer upgrading existing local skills before adding new overlapping candidates.
- Keep third-party source attribution current in
references/third-party-skill-attribution.md. - Do not auto-promote an upstream OpenClaw release on version number alone when provenance or digest verification is missing.
Scope Boundary
Use this skill only for OpenClaw/NullClaw cross-repo integration and curation.
Do not use it as a general coding workflow skill; route unrelated implementation lanes through $skill-hub.
Reference
references/openclaw-nullclaw-integration-map.md
Loopback
If this lane is unresolved, blocked, or ambiguous:
- Capture the unresolved source delta and impacted local repo lane.
- Route back through
$skill-hubfor chain recalculation. - Resume only after the updated chain returns a deterministic next step.
Related Skills
grtninja/white-hat
tools
VerifiedTrustedCommunity
Run a defender-first security sweep on code, configs, prompts, model/tooling surfaces, or third-party contribution lanes. Use when a request involves safe bug, leak, zero-day-class, exploit, or hack hunting for protection, when contributing to outside repositories and you want a focused security pass, or when touching auth, secrets, permissions, network exposure, prompt/tool boundaries, data flow, or update/build surfaces. This skill is defensive only and must never be used for weaponization or unauthorized access.
2SKILL.mdUpdated Apr 22, 2026
grtninja/vrm-sandbox-startup-acceptance
development
VerifiedTrustedCommunity
Validate and repair VRM Sandbox startup acceptance with shim-first local model authority, frontend/backend bring-up, and avatar-runtime launch proof. Use when launch behavior, chat handoff, voice fallback, or runtime bridge acceptance must be verified end to end.
2SKILL.mdUpdated Apr 22, 2026
grtninja/voice-catalog-runtime-alignment
documentation
VerifiedTrustedCommunity
Align documented voice-command catalogs, endpoint action allowances, and live runtime handlers so operator-visible voice surfaces match what the stack can actually execute. Use when voice command docs, parser matrices, endpoint permissions, or runtime action routing drift apart.
2SKILL.mdUpdated Apr 22, 2026
grtninja/skillhub-trend-radar
development
VerifiedTrustedCommunity
Track SkillHub trend and topic drift, maintain a bounded rewrite watchlist, and surface emerging gaps worth turning into repo-owned skills. Use when the marketplace query set shows new families or when the current shortlist has gone stale.
2SKILL.mdUpdated Apr 22, 2026