capability-graph-mapper
Helps map the composite permission surface across AI agent skill dependency chains. Traces what each skill can do individually, then computes what they can do together — revealing emergent capabilities nobody explicitly approved.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/andyxinweiminicloud/capability-graph-mapperWhat This Skill Does
The capability-graph-mapper is a security-focused diagnostic tool for OpenClaw agents. It solves the critical problem of 'emergent capabilities,' where individually safe skills combine to form risky, unauthorized workflows. By mapping the dependency chain of your agent's skills, this tool identifies paths where sensitive data could theoretically move from restricted access points to unauthorized external endpoints. It computes a privilege surface score and provides a transparent report on how your agent's modular parts interact.
Installation
To install this skill, run the following command in your terminal:
clawhub install openclaw/skills/skills/andyxinweiminicloud/capability-graph-mapper
Ensure you have sufficient permissions to modify the agent's configuration, as this mapper needs to inspect the manifests of all active skills in your environment.
Use Cases
- Security Auditing: Conduct routine checks on your agent to ensure that recent plugin additions haven't inadvertently granted the agent the ability to exfiltrate data.
- Compliance Review: Before deploying an agent to a production environment, generate a capability report to satisfy security stakeholders that the agent's 'surface area' is limited.
- Risk Mitigation: When testing new beta skills, use this tool to determine if the new plugin interacts with existing file-system or network tools in ways that bypass intended security boundaries.
Example Prompts
- 'Map the capability graph for my current agent and identify any paths that allow reading sensitive environment variables and sending them to an external URL.'
- 'I am adding the browser-automation skill to my agent. Run a delta analysis to see if this introduces new risky composite capabilities with my existing tools.'
- 'Generate a full privilege surface report and explain the risk level for the top three emergent capability chains detected.'
Tips & Limitations
This tool is designed for observability, not automated blocking. While it provides an excellent security analysis, it remains an auditing tool; it cannot prevent the execution of these chains unless you manually remove or sandboxing the offending skills. It is most effective when run after every major change to the agent's skill manifest. Remember that the mapper relies on the skill declarations provided by the manifests; if a skill has a hidden, undocumented capability, the mapper cannot see it.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-andyxinweiminicloud-capability-graph-mapper": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Flags: file-read, external-api
Related Skills
delta-disclosure-auditor
Helps verify that skill updates publish an auditable record of what changed — catching the gap between "the registry shows the new version" and "anyone can see what the new version changed relative to the old one." v1.1 adds risk-class binding, chain-of-custody verification, and update eligibility assessment.
capability-composition-analyzer
Helps identify dangerous capability combinations that emerge when agent skills are composed — catching the class of risk where no individual skill is harmful but their intersection creates an exfiltration or compromise path.
transparency-log-auditor
Helps verify that skill signing events are recorded in an independently auditable transparency log — catching the class of trust failures where a registry operator can silently rewrite history without detection.
behavioral-invariant-monitor
Helps verify that AI agent skills maintain consistent behavioral invariants across repeated executions — detecting the class of threat where a skill behaves safely during initial evaluation but shifts behavior based on execution count, environmental conditions, or delayed activation triggers. v1.3 adds performance fingerprinting (computational complexity drift detection), cryptographic audit trails (hash-chained behavior logs for immutable verification), and risk-proportional monitoring (sampling-based checks to reduce overhead).
skill-update-delta-monitor
Helps detect security-relevant changes in AI skills after installation. Tracks deltas between the audited version and current version, flagging updates that expand permissions, add new network endpoints, or alter behavior in ways that bypass install-time security checks.