Plugin / Skill Intake Manifest Template

過去レポートのView/ソース規律バックフィルで生成したView。

Generated: 2026-05-24T08:42:08+09:00

Use this before installing, enabling, or trusting an unknown OpenClaw/Codex skill, plugin, MCP server, or agent pack. The goal is not paperwork. The goal is to make hidden capability surfaces visible before they touch secrets, browser profiles, external APIs, or owner-facing channels.

Intake Summary

• Candidate:
• Source URL / local path:
• Requested by:
• Intended job:
• Decision: allow / allow-local-only / needs-owner-approval / reject
• Reviewer:
• Reviewed at:

Capability Layers

| Layer | What to inspect | Findings | Risk |

| --- | --- | --- | --- |

| Instruction | SKILL.md, prompts, AGENTS/README guidance | | low / medium / high |

| Worker | subagents, scripts, binaries, package entrypoints | | low / medium / high |

| Enforcement | hooks, guards, tests, lint, approval checks | | low / medium / high |

| Connection | MCP/app connectors, browser automation, network calls | | low / medium / high |

| Secret surface | env vars, cookies, tokens, keychains, browser profiles | | low / medium / high |

| External write surface | email, X, Discord, webhooks, prod APIs, payments | | low / medium / high |

| Rollback path | disable steps, file removal, config revert, cache cleanup | | low / medium / high |

Required Checks

• [ ] Read SKILL.md or plugin manifest.
• [ ] Inspect scripts/, package.json, install hooks, and generated binaries before running.
• [ ] Search for network writes: POST, PUT, PATCH, DELETE, webhooks, email, Discord, X, payment APIs.
• [ ] Search for secret access: .env, process.env, keychain, cookies, browser profile paths, ~/.ssh, ~/.config, ~/.openclaw, ~/.claude.
• [ ] Identify whether the default action is read-only, local write, external write, destructive, or paid.
• [ ] Confirm a small verification command exists or write one before trusting repeated use.
• [ ] Record the exact owner approval packet for any external write or destructive operation.

Approval Packet

Use this only when a hard stop is involved.

• Destination / account / channel:
• Exact action:
• Exact body or payload:
• Risk:
• Rollback / cancellation path:
• Recommended decision:

Result

• Local artifact or config changed:
• Verification:
• Follow-up:

Sources

• OpenClaw skills docs: https://docs.openclaw.ai/tools/skills
• OpenClaw sub-agents docs: https://docs.openclaw.ai/tools/subagents
• OpenClaw automation docs: https://docs.openclaw.ai/automation
• Codex skills docs: https://developers.openai.com/codex/skills
• Local ops index: projects/openclaw-operations-improvement/openclaw-ops-index-2026-05-19.md