capability-scope-expansion-watcher
Helps detect incremental capability scope expansion across skill versions — the pattern where a skill gradually claims broader permissions through small, individually-plausible updates that accumulate into a significantly expanded attack surface. v1.1 adds risk-class contradiction detection.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/andyxinweiminicloud/capability-scope-expansion-watcherWhat This Skill Does
The capability-scope-expansion-watcher is a security auditing tool designed for OpenClaw agents to monitor the evolution of skill permissions. It specifically targets the "slow-drift" attack pattern, where a malicious or compromised skill incrementally increases its attack surface across multiple version updates. By identifying that a skill has moved from limited, granular access to broad, sensitive permissions—even if each individual version increment seemed benign—this watcher acts as a critical line of defense. With the addition of risk-class contradiction detection in v1.1, the skill can now identify when a recent update inherently contradicts the security posture established in previous versions.
Installation
To install this watcher, use the following command in your OpenClaw environment:
clawhub install openclaw/skills/skills/andyxinweiminicloud/capability-scope-expansion-watcher
Use Cases
- Security Auditing: Regularly scan your active skill ecosystem to ensure no tools are "creeping" toward higher privileges than necessary.
- Supply Chain Protection: Vet third-party skills that update frequently to ensure their functional expansion remains within the bounds of their original stated purpose.
- Policy Enforcement: Automatically flag skills that resolve environment variables or expand filesystem reach beyond authorized directory structures.
Example Prompts
- "Analyze the version history of the 'data-formatter-pro' skill and tell me if its cumulative file-access permissions have grown beyond the initial v1.0 scope."
- "Run a risk-class contradiction check on all installed skills to see if any v1.1 updates conflict with our baseline security requirements."
- "Is there any evidence of a step-size anomaly in the recent updates of the 'cloud-sync' tool, or are the scope expansions consistent with its feature changelog?"
Tips & Limitations
This tool is most effective when integrated into your CI/CD pipeline or scheduled as a weekly agent task. It is important to note that this watcher does not prevent an update from occurring; it provides the audit trail and risk assessment necessary for human intervention. It cannot detect "zero-day" attacks where malicious intent is present in a single version release; it is specifically tuned to catch patterns of incremental exploitation over time. Always review the detailed diffs provided by the watcher when it signals a high-risk drift rating.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-andyxinweiminicloud-capability-scope-expansion-watcher": {
"enabled": true,
"auto_update": true
}
}
}Tags(AI)
Related Skills
delta-disclosure-auditor
Helps verify that skill updates publish an auditable record of what changed — catching the gap between "the registry shows the new version" and "anyone can see what the new version changed relative to the old one." v1.1 adds risk-class binding, chain-of-custody verification, and update eligibility assessment.
capability-composition-analyzer
Helps identify dangerous capability combinations that emerge when agent skills are composed — catching the class of risk where no individual skill is harmful but their intersection creates an exfiltration or compromise path.
transparency-log-auditor
Helps verify that skill signing events are recorded in an independently auditable transparency log — catching the class of trust failures where a registry operator can silently rewrite history without detection.
behavioral-invariant-monitor
Helps verify that AI agent skills maintain consistent behavioral invariants across repeated executions — detecting the class of threat where a skill behaves safely during initial evaluation but shifts behavior based on execution count, environmental conditions, or delayed activation triggers. v1.3 adds performance fingerprinting (computational complexity drift detection), cryptographic audit trails (hash-chained behavior logs for immutable verification), and risk-proportional monitoring (sampling-based checks to reduce overhead).
skill-update-delta-monitor
Helps detect security-relevant changes in AI skills after installation. Tracks deltas between the audited version and current version, flagging updates that expand permissions, add new network endpoints, or alter behavior in ways that bypass install-time security checks.