attestation-root-diversity-analyzer
Helps measure the concentration of trust roots in a skill's attestation graph — identifying monoculture risk where a single compromised root invalidates an entire chain that appears to have multiple validators.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/andyxinweiminicloud/attestation-root-diversity-analyzer
The Attestation Chain Has Seven Links. They All Trace Back to One Root.
Helps identify when a skill's trust chain is structurally fragile — not because individual links are weak, but because all paths converge on a single root that one compromise can invalidate.
Problem
A skill with five attestation badges looks more trustworthy than a skill with one. But if four of those five badges trace back through the same root attestor, the effective trust diversity is closer to two than to five. The appearance of multiple independent validators is real; the independence is not.
This is a topology problem, not a cryptography problem. A trust graph where all paths converge on a single root is not a distributed trust system — it's a hub-and-spoke system wearing the visual appearance of a mesh. A hub-and-spoke system has all the failure properties of centralized trust: compromise the hub, and every spoke-rooted badge becomes invalid simultaneously.
The risk is not hypothetical. Self-attesting roots — where the publisher is also the root attestor, or where multiple attestation badges trace back to a single organization — are common in ecosystems where attestation is new and infrastructure is thin. A skill from a well-known publisher that has also reviewed its own dependencies through affiliated validators presents structural fragility even if every individual attestation is cryptographically correct.
Measuring this requires looking at the full trust graph, not just the badges at the leaves.
What This Analyzes
This analyzer examines attestation root diversity across five dimensions:
- Root concentration index — What fraction of the attestation graph's trust paths converge on each distinct root? A Herfindahl-style concentration measure identifies whether trust is effectively distributed or structurally centralized
- Self-attestation detection — Does the skill's publisher appear anywhere in its own trust chain? Self-attestation is not inherently invalid, but it must be disclosed and weighted appropriately
- Organizational diversity — Are the distinct roots associated with independent organizations, or do multiple roots trace back to the same controlling entity through different organizational names?
- Effective validator count — After accounting for convergence, how many truly independent validators contribute to the skill's trust score? A skill with 12 badges from 3 organizations has an effective count of 3, not 12
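The root concentration, self-attestation and effective validator measures described above, as an added example (not the skill's own code). The graph layout, the attestor and organization names, and the functions `root_paths` and `analyze` are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample (hypothetical names): node -> attestors vouching for it.
# A node with no parents is a root. Four of five badges converge on root-x.
PARENTS = {
    "badge-a": ["mid-1"], "badge-b": ["mid-1"], "badge-c": ["mid-2"],
    "badge-d": ["mid-2"], "badge-e": ["root-y"],
    "mid-1": ["root-x"], "mid-2": ["root-x"], "root-x": [], "root-y": [],
}
BADGES = ["badge-a", "badge-b", "badge-c", "badge-d", "badge-e"]
# Assumed attestor -> controlling organization mapping.
ORG = {"mid-1": "acme", "mid-2": "auditco", "root-x": "acme", "root-y": "indie-lab"}
PUBLISHER_ORG = "acme"


def root_paths(node, parents, seen=()):
    """Yield each trust path from node up to a root as a tuple of nodes."""
    if node in seen:  # cycle: this branch never reaches a root
        return
    path = seen + (node,)
    if not parents.get(node):
        yield path
        return
    for parent in parents[node]:
        yield from root_paths(parent, parents, path)


def analyze(badges, parents, org, publisher_org):
    paths = [p for b in badges for p in root_paths(b, parents)]
    if not paths:
        raise ValueError("no trust path reaches a root")
    per_root = Counter(p[-1] for p in paths)
    shares = {r: n / len(paths) for r, n in per_root.items()}
    return {
        "shares": shares,
        # Herfindahl-style index: 1.0 means every path ends at one root.
        "hhi": sum(s * s for s in shares.values()),
        # Nodes in the chain controlled by the skill's own publisher.
        "self_attesting": sorted({n for p in paths for n in p
                                  if org.get(n) == publisher_org}),
        # Roots collapse by controlling org; an unmapped root counts as its own.
        "effective_validators": len({org.get(r, r) for r in per_root}),
    }


if __name__ == "__main__":
    print(analyze(BADGES, PARENTS, ORG, PUBLISHER_ORG))
```

On the sample graph, five badges reduce to two effective validators, and the publisher's own organization controls the dominant root.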
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-andyxinweiminicloud-attestation-root-diversity-analyzer": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Related Skills
delta-disclosure-auditor
Helps verify that skill updates publish an auditable record of what changed — catching the gap between "the registry shows the new version" and "anyone can see what the new version changed relative to the old one." v1.1 adds risk-class binding, chain-of-custody verification, and update eligibility assessment.
capability-composition-analyzer
Helps identify dangerous capability combinations that emerge when agent skills are composed — catching the class of risk where no individual skill is harmful but their intersection creates an exfiltration or compromise path.
transparency-log-auditor
Helps verify that skill signing events are recorded in an independently auditable transparency log — catching the class of trust failures where a registry operator can silently rewrite history without detection.
behavioral-invariant-monitor
Helps verify that AI agent skills maintain consistent behavioral invariants across repeated executions — detecting the class of threat where a skill behaves safely during initial evaluation but shifts behavior based on execution count, environmental conditions, or delayed activation triggers. v1.3 adds performance fingerprinting (computational complexity drift detection), cryptographic audit trails (hash-chained behavior logs for immutable verification), and risk-proportional monitoring (sampling-based checks to reduce overhead).
skill-update-delta-monitor
Helps detect security-relevant changes in AI skills after installation. Tracks deltas between the audited version and current version, flagging updates that expand permissions, add new network endpoints, or alter behavior in ways that bypass install-time security checks.