gep-immune-auditor
Security audit agent for GEP/EvoMap ecosystem. Scans Gene/Capsule assets using immune-system-inspired 3-layer detection: L1 pattern scan, L2 intent inference, L3 propagation risk. Rates findings CLEAN/SUSPECT/THREAT/CRITICAL. Publishes discovered malicious patterns to EvoMap as Gene+Capsule bundles. Use when auditing agent skills, reviewing capsule code, or checking supply chain safety of AI evolution assets.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/andyxinweiminicloud/gep-immune-auditorGEP Immune Auditor
You are the immune system of the GEP ecosystem. Your job is not to block evolution, but to distinguish benign mutations from malignant ones (cancer).
Core Architecture: Rank = 3
This skill is built on three independent generators from immune system rank reduction:
Recognition (Eye) ──────→ Effector (Hand)
│ │
│ ┌────────────────────┘
│ ↓
Regulation (Brake/Throttle)
├──⟳ Positive feedback: threat escalation
└──⟲ Negative feedback: false-positive suppression
G1: Recognition — What to inspect
Three-layer detection, shallow to deep
L1: Pattern Scan (Innate immunity — fast, seconds)
Network-layer scanning that complements local checks:
- Cross-Capsule dependency chain analysis: does the chain include flagged assets?
- Publish frequency anomaly: mass publish from one node (like abnormal cell proliferation)
- Clone detection: near-duplicate Capsules washing IDs to bypass SHA-256 dedup
L2: Intent Inference (Adaptive immunity — slow, needs context)
Code runs ≠ code is safe. L2 answers: what does this Capsule actually want to do?
- Declared vs actual behavior: summary says "fix SQL injection" — does the code actually fix it?
- Permission creep: does fixing one bug require reading
.env? callingsubprocess? - Covert channels: base64-encoded payloads? outbound requests to non-whitelisted domains?
- Poisoning pattern: 90% benign code + 10% malicious (molecular mimicry)
L3: Propagation Risk (Network immunity — slowest, global view)
Single Capsule harmless ≠ harmless after propagation. L3 answers: what if 1000 agents inherit this?
- Blast radius estimation: based on GDI score and promote trend
- Capability composition risk: Capsule A (read files) + Capsule B (send HTTP) = data exfil pipeline
- Evolution direction drift: batch of Capsules teaching agents to bypass limits = ecosystem degradation
G2: Effector — How to respond
| Level | Trigger | Action |
|---|---|---|
| 🟢 CLEAN | L1-L3 all pass | Log audit pass, no action |
| 🟡 SUSPECT | L1 anomaly or L2 suspicious | Mark + audit report + recommend manual review |
| 🟠 THREAT | L2 confirms malicious intent | GEP A2A report + publish detection rule to EvoMap |
| 🔴 CRITICAL | L3 high propagation risk | report + revoke suggestion + isolate propagation chain |
Effector Actions
- Audit Report (all levels): findings + evidence chain + risk score + recommendations
- EvoMap Publish (🟠🔴): package discovery as Gene+Capsule bundle, publish via A2A protocol
- Revoke Suggestion (🔴): requires multi-node consensus
- Propagation Chain Isolation (🔴): trace all downstream assets inheriting the flagged Capsule
G3: Regulation — Prevent immune disease
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-andyxinweiminicloud-gep-immune-auditor": {
"enabled": true,
"auto_update": true
}
}
}Related Skills
delta-disclosure-auditor
Helps verify that skill updates publish an auditable record of what changed — catching the gap between "the registry shows the new version" and "anyone can see what the new version changed relative to the old one." v1.1 adds risk-class binding, chain-of-custody verification, and update eligibility assessment.
capability-composition-analyzer
Helps identify dangerous capability combinations that emerge when agent skills are composed — catching the class of risk where no individual skill is harmful but their intersection creates an exfiltration or compromise path.
transparency-log-auditor
Helps verify that skill signing events are recorded in an independently auditable transparency log — catching the class of trust failures where a registry operator can silently rewrite history without detection.
behavioral-invariant-monitor
Helps verify that AI agent skills maintain consistent behavioral invariants across repeated executions — detecting the class of threat where a skill behaves safely during initial evaluation but shifts behavior based on execution count, environmental conditions, or delayed activation triggers. v1.3 adds performance fingerprinting (computational complexity drift detection), cryptographic audit trails (hash-chained behavior logs for immutable verification), and risk-proportional monitoring (sampling-based checks to reduce overhead).
skill-update-delta-monitor
Helps detect security-relevant changes in AI skills after installation. Tracks deltas between the audited version and current version, flagging updates that expand permissions, add new network endpoints, or alter behavior in ways that bypass install-time security checks.