ClawKit Reliability Toolkit
Official · Verified · developer tools · Safety 5/5

blast-radius-estimator

Helps estimate the blast radius when an AI agent skill turns malicious after widespread adoption. Analyzes inheritance chains, dependency graphs, and adoption trends to project how many agents could be affected.

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/andyxinweiminicloud/blast-radius-estimator

What This Skill Does

The blast-radius-estimator is a security observability tool for the OpenClaw ecosystem. As agents evolve through implicit inheritance and complex dependency graphs, it becomes increasingly difficult to track how a single compromised asset can propagate across a fleet. This skill walks your agent's dependency tree and calculates both direct and transitive impact: which skills and agents would receive a compromised version. By weighing adoption velocity, version pinning habits, and capability composition, it produces an urgency rating that helps developers and admins mitigate potential supply-chain attacks before they manifest.

Installation

To integrate this security utility, run the following command in your terminal:

clawhub install openclaw/skills/skills/andyxinweiminicloud/blast-radius-estimator

Use Cases

  • Supply Chain Auditing: Proactively assess the risk of a third-party dependency before integrating it into a production agent.
  • Incident Response: When a vulnerability is reported in a core library, use this tool to calculate exactly how many of your downstream agents are currently exposed.
  • Risk Profiling: Maintain a security baseline by running periodic blast radius scans on highly adopted internal agent components.

Example Prompts

  1. "Analyze the blast radius for auth-handler-v2 and show me the top 5 most critical transitive dependencies."
  2. "Check my custom agent 'Finance-Bot' for unpinned skills that pose a high security risk based on adoption velocity."
  3. "If the data-parser-base skill were compromised today, how many of my deployed agents would be vulnerable to exfiltration?"

Tips & Limitations

  • Version Awareness: Always encourage pinning versions in your manifest files; unpinned dependencies are the primary driver of high blast radius scores, because an unpinned consumer pulls a malicious new version automatically.
  • Composition Risk: Pay close attention to the 'Capability Composition' section of the report. A harmless utility skill becomes dangerous when paired with skills that possess network-access or file-write capabilities.
  • Limitations: The estimator relies on metadata available within the marketplace; private or off-platform inheritance chains may not be fully visible. Use this as a supplemental tool alongside static code analysis.
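The following is an added illustration of the calculation described under "What This Skill Does" and in the Version Awareness and Composition Risk tips above; it is example code written for this listing, not the blast-radius-estimator's own implementation. It models the scenario the listing describes: a skill's new version turns malicious and reaches every consumer that pulls it through an unpinned dependency edge, while pinned consumers keep the clean version. The skill names auth-handler-v2, data-parser-base and the agent Finance-Bot come from the example prompts; every other skill, agent, capability and the scoring formula are constructed assumptions.

```python
"""Toy blast-radius estimate for a compromised agent skill.

Illustrative example, not the blast-radius-estimator's own code. Dependency
edges carry a 'pinned' flag; a malicious *update* only propagates across
unpinned edges, whereas a compromise already present in the pinned version
propagates across every edge.
"""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Skill:
    name: str
    capabilities: set = field(default_factory=set)
    deps: dict = field(default_factory=dict)   # dependency name -> pinned?


@dataclass
class Agent:
    name: str
    skills: dict   # skill name -> pinned?


def reverse_edges(skills, agents):
    """Invert the dependency graph: for each skill, list who consumes it."""
    consumers = {}
    for s in skills.values():
        for dep, pinned in s.deps.items():
            consumers.setdefault(dep, []).append((s.name, pinned))
    for a in agents.values():
        for dep, pinned in a.skills.items():
            consumers.setdefault(dep, []).append(("agent:" + a.name, pinned))
    return consumers


def blast_radius(skills, agents, compromised, malicious_update=True):
    """Return (affected_skills, affected_agents) reachable from 'compromised'.

    With malicious_update=True only unpinned edges propagate (pinned
    consumers keep the old, clean version). With malicious_update=False the
    compromise is in the version everyone already has, so every edge counts.
    """
    consumers = reverse_edges(skills, agents)
    affected_skills, affected_agents = {compromised}, set()
    queue = deque([compromised])
    while queue:                      # breadth-first walk of the reverse graph
        current = queue.popleft()
        for consumer, pinned in consumers.get(current, []):
            if malicious_update and pinned:
                continue              # pinned consumer never pulls the bad update
            if consumer.startswith("agent:"):
                affected_agents.add(consumer[len("agent:"):])
            elif consumer not in affected_skills:
                affected_skills.add(consumer)
                queue.append(consumer)
    return affected_skills, affected_agents


# Constructed: a capability pairing that forms an exfiltration path.
DANGEROUS_COMBO = {"network-access", "file-read"}


def urgency(skills, agents, compromised, malicious_update=True):
    """0-100 urgency: share of agents reached, doubled when the reachable
    skills together compose network-access with file-read (constructed rule)."""
    aff_skills, aff_agents = blast_radius(skills, agents, compromised, malicious_update)
    share = len(aff_agents) / len(agents) if agents else 0.0
    caps = set().union(*(skills[s].capabilities for s in aff_skills))
    score = 50 * share
    if DANGEROUS_COMBO <= caps:
        score *= 2
    return round(min(score, 100))


# Constructed sample inventory (skill and agent names partly from the listing's prompts).
SKILLS = {
    "data-parser-base": Skill("data-parser-base", {"file-read"}),
    "auth-handler-v2": Skill("auth-handler-v2", {"network-access"}, {"data-parser-base": False}),
    "report-builder": Skill("report-builder", set(), {"data-parser-base": True}),
}
AGENTS = {
    "Finance-Bot": Agent("Finance-Bot", {"auth-handler-v2": False}),
    "Audit-Bot": Agent("Audit-Bot", {"report-builder": False}),
    "Chat-Bot": Agent("Chat-Bot", {"data-parser-base": False}),
    "Ops-Bot": Agent("Ops-Bot", {"data-parser-base": True}),
}

if __name__ == "__main__":
    for update in (True, False):
        skills_hit, agents_hit = blast_radius(SKILLS, AGENTS, "data-parser-base", update)
        print(f"malicious_update={update}: skills={sorted(skills_hit)} "
              f"agents={sorted(agents_hit)} urgency={urgency(SKILLS, AGENTS, 'data-parser-base', update)}")
```

Run stand-alone, the script shows why the listing stresses pinning: with a malicious update, the pinned edges into report-builder and Ops-Bot stop propagation and two of four agents are reached, but the reachable set still composes file-read with network-access, so the score is doubled; if the compromise was already in the pinned version, all four agents are exposed.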

Metadata

Stars: 4473
Views: 0
Updated: 2026-05-01
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-andyxinweiminicloud-blast-radius-estimator": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags

#security #dependency-graph #supply-chain #risk-assessment
Safety Score: 5/5

Related Skills

delta-disclosure-auditor

Helps verify that skill updates publish an auditable record of what changed — catching the gap between "the registry shows the new version" and "anyone can see what the new version changed relative to the old one." v1.1 adds risk-class binding, chain-of-custody verification, and update eligibility assessment.

andyxinweiminicloud 4473

capability-composition-analyzer

Helps identify dangerous capability combinations that emerge when agent skills are composed — catching the class of risk where no individual skill is harmful but their intersection creates an exfiltration or compromise path.

andyxinweiminicloud 4473

transparency-log-auditor

Helps verify that skill signing events are recorded in an independently auditable transparency log — catching the class of trust failures where a registry operator can silently rewrite history without detection.

andyxinweiminicloud 4473

behavioral-invariant-monitor

Helps verify that AI agent skills maintain consistent behavioral invariants across repeated executions — detecting the class of threat where a skill behaves safely during initial evaluation but shifts behavior based on execution count, environmental conditions, or delayed activation triggers. v1.3 adds performance fingerprinting (computational complexity drift detection), cryptographic audit trails (hash-chained behavior logs for immutable verification), and risk-proportional monitoring (sampling-based checks to reduce overhead).

andyxinweiminicloud 4473

skill-update-delta-monitor

Helps detect security-relevant changes in AI skills after installation. Tracks deltas between the audited version and current version, flagging updates that expand permissions, add new network endpoints, or alter behavior in ways that bypass install-time security checks.

andyxinweiminicloud 4473