Official Verified developer tools Safety 5/5

install-then-update-trap-detector

Helps detect the install-then-update attack pattern — where a skill passes initial security review cleanly, then silently introduces malicious behavior through an automatic update that bypasses re-audit. v1.1 adds cryptographic chain-of-custody verification for update sequences.


Install via CLI (Recommended)

clawhub install openclaw/skills/skills/andyxinweiminicloud/install-then-update-trap-detector

What This Skill Does

The install-then-update-trap-detector is a specialized security diagnostic tool designed to mitigate the risks associated with the 'install-then-update' attack vector in AI agent ecosystems. As agent marketplaces evolve, a common vulnerability arises where a skill passes an initial security audit in its v1.0 state, only to introduce malicious code via silent, automatic updates. This detector bridges the gap between trust and verification. It monitors installed skills for unauthorized behavioral changes, permission scope creep, and anomalies in update timing. As of v1.1, the skill introduces cryptographic chain-of-custody verification, ensuring that every update is digitally signed and cryptographically linked to the previous verified state, providing a robust defense against supply chain poisoning.
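A minimal sketch of the chain-of-custody check described above, as an added example that is not the skill's own code. The record fields, the HMAC standing in for a publisher signature, and the key are assumptions made for illustration; the sample update sequence is constructed.

```python
import hashlib, hmac, json

# Constructed key; HMAC stands in for a real publisher signature (assumption).
PUBLISHER_KEY = b"constructed-demo-key"
FIELDS = ("version", "artifact_sha256", "permissions", "prev")

def digest(rec):
    """Hash over a record's signed fields; the next record stores it as `prev`."""
    body = {k: rec[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def sign(rec, key=PUBLISHER_KEY):
    return hmac.new(key, digest(rec).encode(), hashlib.sha256).hexdigest()

def make_record(version, artifact, permissions, prev_rec, key=PUBLISHER_KEY):
    rec = {"version": version,
           "artifact_sha256": hashlib.sha256(artifact).hexdigest(),
           "permissions": sorted(permissions),
           "prev": digest(prev_rec) if prev_rec else None}
    rec["sig"] = sign(rec, key)
    return rec

def verify_chain(records, audited_digest, key=PUBLISHER_KEY):
    """Return findings for an update sequence anchored at the audited release."""
    if not records or digest(records[0]) != audited_digest:
        return ["chain does not start at the audited release"]
    findings = []
    for i, rec in enumerate(records):
        if not hmac.compare_digest(rec.get("sig", ""), sign(rec, key)):
            findings.append(f"{rec['version']}: bad or missing signature")
        if i == 0:
            continue
        prev = records[i - 1]
        if rec["prev"] != digest(prev):
            findings.append(f"{rec['version']}: not linked to previous verified state")
        added = set(rec["permissions"]) - set(prev["permissions"])
        if added:
            findings.append(f"{rec['version']}: permission scope grew: {sorted(added)}")
    return findings

def demo():
    """Constructed sequence: audited 1.0, clean 1.1, then a silent 1.2."""
    v10 = make_record("1.0", b"audited build", ["file-read"], None)
    v11 = make_record("1.1", b"bugfix build", ["file-read"], v10)
    v12 = make_record("1.2", b"unreviewed build", ["file-read", "code-execution"],
                      v10, key=b"not-the-publisher")
    anchor = digest(v10)
    return verify_chain([v10, v11], anchor), verify_chain([v10, v11, v12], anchor)
```

The first result is empty because 1.1 is signed and linked to the audited 1.0; the second lists three findings for 1.2: a signature that does not verify, a `prev` that skips 1.1, and an added permission.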

Installation

To install this skill, run the following command in your terminal: clawhub install openclaw/skills/skills/andyxinweiminicloud/install-then-update-trap-detector

Use Cases

This skill is essential for operators managing high-stakes AI environments. Common use cases include:

  1. Enterprise Security Auditing: Automatically vetting third-party skills before allowing them to process sensitive organizational data.
  2. Security Operations Monitoring: Providing real-time alerts when an installed skill requests an unexpected expansion in its system permissions.
  3. Integrity Validation: Leveraging the v1.1 cryptographic chain-of-custody features to verify the provenance of updates in CI/CD pipelines.

Example Prompts

  1. "OpenClaw, run a deep audit on the 'financial-analyzer' skill to see if its latest update included any unauthorized permission scope expansions."
  2. "Check the chain-of-custody for my current installed skills and flag any that have updated without proper cryptographic signing or hash-chain references."
  3. "Analyze the behavioral logs of my active skills and tell me if any exhibit timing anomalies consistent with an install-then-update attack pattern."

Tips & Limitations

To maximize the effectiveness of this detector, ensure that your OpenClaw environment is configured to block auto-updates for sensitive skills. While the detector excels at identifying pattern-based anomalies, it cannot fully prevent an attack if the malicious actor has compromised the signing keys themselves. Always treat the detector's findings as a primary signal for human-led incident response. Regularly review the 'Rollback feasibility' reports provided by the tool to ensure your agent can revert to a known-safe state if a breach is detected.

Metadata

Stars: 4473
Views: 0
Updated: 2026-05-01
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-andyxinweiminicloud-install-then-update-trap-detector": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security #audit #cybersecurity #supply-chain
Safety Score: 5/5

Flags: file-read, code-execution

Related Skills

delta-disclosure-auditor

Helps verify that skill updates publish an auditable record of what changed — catching the gap between "the registry shows the new version" and "anyone can see what the new version changed relative to the old one." v1.1 adds risk-class binding, chain-of-custody verification, and update eligibility assessment.

andyxinweiminicloud 4473

capability-composition-analyzer

Helps identify dangerous capability combinations that emerge when agent skills are composed — catching the class of risk where no individual skill is harmful but their intersection creates an exfiltration or compromise path.

andyxinweiminicloud 4473

transparency-log-auditor

Helps verify that skill signing events are recorded in an independently auditable transparency log — catching the class of trust failures where a registry operator can silently rewrite history without detection.

andyxinweiminicloud 4473

behavioral-invariant-monitor

Helps verify that AI agent skills maintain consistent behavioral invariants across repeated executions — detecting the class of threat where a skill behaves safely during initial evaluation but shifts behavior based on execution count, environmental conditions, or delayed activation triggers. v1.3 adds performance fingerprinting (computational complexity drift detection), cryptographic audit trails (hash-chained behavior logs for immutable verification), and risk-proportional monitoring (sampling-based checks to reduce overhead).

andyxinweiminicloud 4473

skill-update-delta-monitor

Helps detect security-relevant changes in AI skills after installation. Tracks deltas between the audited version and current version, flagging updates that expand permissions, add new network endpoints, or alter behavior in ways that bypass install-time security checks.

andyxinweiminicloud 4473