openclaw-superpowers
openclaw-superpowers is a plug-and-play skill library for the OpenClaw persistent AI agent runtime. It provides a large set of predefined “skills” (core methodology, OpenClaw-native persistent/cron workflows, and security guardrails) plus companion scripts and an install script that symlinks skills, initializes local state directories, and registers cron jobs. It also describes agent abilities to self-modify by writing new skills during conversation via a create-skill mechanism.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
The package claims multiple guardrail skills (prompt injection guard, dangerous-action confirmation gate, post-install auditor/drift detection, config encryption auditor, and other integrity checks). However, the README provided does not include concrete technical details like threat-model coverage, formal guarantees, code-level implementation, or hardening practices. Since it also supports agent-written new skills, the primary security risk is that compromised or overly trusting agents can create or install unsafe behavior; this should be mitigated by strict review/policy and least-privilege controls in the host runtime.
⚡ Reliability
Best When
You control your runtime environment (local machine or trusted infrastructure) and want to enhance OpenClaw with many ready-made skills for persistence, scheduling, memory management, and security checks.
Avoid When
You plan to install untrusted/community-written skills without auditing, or you cannot perform security review of scripts/skill definitions—especially given the self-modifying capability.
Use Cases
- Running a persistent OpenClaw agent that autonomously manages long-running tasks
- Enabling cron-scheduled maintenance tasks (memory hygiene, health checks, budget tracking)
- Adding defense-in-depth guardrails against prompt injection, dangerous actions, and post-install tampering
- Using knowledge-graph/DAG-style memory compaction and recall for long multi-week sessions
- Operating single or multiple OpenClaw agents with health monitoring and handoffs
Not For
- Production environments where you cannot trust code provenance (because it supports self-modifying skill creation)
- Teams that require a hosted, internet-facing API with formal REST/SDK contracts (this appears local/runtime-focused)
- Use cases needing strict compliance guarantees without reviewing the shipped scripts/skills
Interface
Authentication
The README describes security skills that audit configs for plaintext secrets, but does not describe an authentication protocol for this library/package.
Pricing
No pricing information provided; appears to be a repository/installable extension.
Agent Metadata
Known Gotchas
- ⚠ Supports self-modifying skill creation; agents must be constrained to avoid creating overly permissive or malicious skills
- ⚠ Cron-scheduled skills can amplify risk if misconfigured (e.g., budget/guardrail failures leading to runaway actions)
- ⚠ Skill installation symlinks local skills into OpenClaw’s extension directory; repeated installs may require manual cleanup if not idempotent
Alternatives
Scores are editorial opinions as of 2026-03-30.