Official Verified developer tools Safety 5/5

permission-creep-scanner

Helps detect permission creep in AI agent skills — flags when a skill's actual code accesses resources far beyond what its declared purpose requires, like a "fix typo" skill reading your .env file.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/andyxinweiminicloud/permission-creep-scanner

Download Source Code (.zip)

What This Skill Does

The permission-creep-scanner is a crucial security utility for the OpenClaw ecosystem. It acts as a static analysis agent that audits other AI skills to identify discrepancies between their stated mission and their actual code behavior. As AI agents gain more autonomy, they often interact with sensitive system files. This skill inspects incoming agent code to detect "permission creep"—where a simple tool, like a text formatter, surreptitiously attempts to access sensitive directories such as .ssh or .aws, or initiates unauthorized network connections. By parsing the skill's metadata against its implementation, it provides a transparency report that helps you decide if a specific tool is trustworthy before granting it execution privileges.

Installation

You can integrate this security layer directly into your environment using the OpenClaw command-line interface. Run the following command in your terminal: clawhub install openclaw/skills/security/permission-creep-scanner Ensure your OpenClaw runtime is updated to the latest version to support the full depth of the scanner's heuristic engine.

Use Cases

This scanner is essential for developers and power users who regularly pull community-created skills. Use it when:

Auditing third-party skills before deployment in a sensitive production environment.
Reviewing open-source contributions to your custom AI agents.
Enforcing a "least privilege" policy across your agent fleet by identifying over-scoped dependencies.
Performing a security baseline check on automated workflows that touch your local filesystem or credentials.

Example Prompts

"@permission-creep-scanner scan the latest repository at /local/downloads/auto-git-committer to see if it accesses any environment variables."
"@permission-creep-scanner audit this code [pasted code] and report any high-severity mismatches regarding external network calls."
"@permission-creep-scanner evaluate the provided Capsule JSON for potential data exfiltration risks before I execute it in my workspace."

Tips & Limitations

Static vs. Dynamic: This tool performs static analysis. It is highly effective at catching hardcoded paths and obvious escalation patterns, but it may struggle with highly obfuscated or dynamically loaded code.
Context Matters: Always verify the scanner's output; sometimes legitimate dependencies (like a logger) might look like "external-api" calls. Review the "Risk rating" provided to prioritize your investigation. The tool works best when provided with the full source code rather than just a URL.

Read Full Documentation on GitHub

Metadata

Author@andyxinweiminicloud

Stars4473

Updated2026-05-01

View Author Profile

AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill

Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-andyxinweiminicloud-permission-creep-scanner": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#audit#privacy#static-analysis#agent-safety

Safety Score: 5/5

Flags: file-read, code-execution

Related Skills

delta-disclosure-auditor

Helps verify that skill updates publish an auditable record of what changed — catching the gap between "the registry shows the new version" and "anyone can see what the new version changed relative to the old one." v1.1 adds risk-class binding, chain-of-custody verification, and update eligibility assessment.

andyxinweiminicloud 4473

capability-composition-analyzer

Helps identify dangerous capability combinations that emerge when agent skills are composed — catching the class of risk where no individual skill is harmful but their intersection creates an exfiltration or compromise path.

andyxinweiminicloud 4473

transparency-log-auditor

Helps verify that skill signing events are recorded in an independently auditable transparency log — catching the class of trust failures where a registry operator can silently rewrite history without detection.

andyxinweiminicloud 4473

behavioral-invariant-monitor

Helps verify that AI agent skills maintain consistent behavioral invariants across repeated executions — detecting the class of threat where a skill behaves safely during initial evaluation but shifts behavior based on execution count, environmental conditions, or delayed activation triggers. v1.3 adds performance fingerprinting (computational complexity drift detection), cryptographic audit trails (hash-chained behavior logs for immutable verification), and risk-proportional monitoring (sampling-based checks to reduce overhead).

andyxinweiminicloud 4473

skill-update-delta-monitor

Helps detect security-relevant changes in AI skills after installation. Tracks deltas between the audited version and current version, flagging updates that expand permissions, add new network endpoints, or alter behavior in ways that bypass install-time security checks.

andyxinweiminicloud 4473