{ "schemaVersion": "1.0", "item": { "slug": "capability-graph-mapper", "name": "Capability Graph Mapper", "source": "tencent", "type": "skill", "category": "AI 智能", "sourceUrl": "https://clawhub.ai/andyxinweiminicloud/capability-graph-mapper", "canonicalUrl": "https://clawhub.ai/andyxinweiminicloud/capability-graph-mapper", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/capability-graph-mapper", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=capability-graph-mapper", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "slug": "capability-graph-mapper", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T06:09:29.277Z", "expiresAt": "2026-05-07T06:09:29.277Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=capability-graph-mapper", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=capability-graph-mapper", "contentDisposition": "attachment; filename=\"capability-graph-mapper-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "capability-graph-mapper" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/capability-graph-mapper" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/capability-graph-mapper", "agentPageUrl": "https://openagent3.xyz/skills/capability-graph-mapper/agent", "manifestUrl": "https://openagent3.xyz/skills/capability-graph-mapper/agent.json", "briefUrl": "https://openagent3.xyz/skills/capability-graph-mapper/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Your Agent Has 12 Skills — Do You Know What They Can Do Together?", "body": "Helps map composite permission surfaces across skill dependency chains, revealing emergent capabilities that no single skill declares." }, { "title": "Problem", "body": "Individual skill permissions look reasonable in isolation. A file-reader skill reads files. An HTTP client skill sends requests. A JSON parser skill transforms data. Each one passes a security review on its own.\n\nBut install all three in the same agent, and you've built a data exfiltration pipeline — read sensitive files, parse out credentials, send them to an external endpoint. Nobody approved that combination. Nobody even noticed it exists.\n\nIn traditional software, tools like npm audit map dependency trees and flag known vulnerabilities. In agent ecosystems, the risk isn't in individual dependencies — it's in the composite capability surface that emerges when skills combine. There is no npm audit for emergent agent capabilities." }, { "title": "What This Maps", "body": "This mapper traces the permission graph across an agent's installed skills:\n\nPermission enumeration — For each skill, extract declared capabilities: file access, network requests, shell execution, environment variable reads, credential access\nPairwise composition — For every pair of skills, check if their combined capabilities create a new emergent capability (e.g., read + send = exfiltrate)\nTransitive chains — Trace three-hop and deeper composition paths where skill A feeds skill B feeds skill C, creating capabilities invisible at any single hop\nPrivilege surface score — Compute a single metric: how many distinct dangerous capability combinations exist in this agent's skill set?\nDelta analysis — When a new skill is added, show what new composite capabilities it introduces to the existing set" }, { "title": "How to Use", "body": "Input: Provide one of:\n\nA list of skill names/slugs installed in an agent\nA skill manifest or configuration file\nA single skill to evaluate against a known agent profile\n\nOutput: A capability graph report containing:\n\nPermission matrix (skills × capabilities)\nEmergent capability combinations flagged as risky\nPrivilege surface score (0-100)\nRecommendation: which skill combinations to review manually\nDelta report if evaluating a new addition" }, { "title": "Example", "body": "Input: Map capability surface for agent with skills: log-analyzer, http-poster, env-reader, markdown-formatter\n\n🕸️ CAPABILITY GRAPH — 3 emergent risks detected\n\nPermission matrix:\n read_files send_http read_env exec_shell write_files\n log-analyzer ✓\n http-poster ✓\n env-reader ✓ ✓\n markdown-formatter ✓ ✓\n\nEmergent capability combinations:\n\n ⚠️ RISK 1: Data exfiltration path\n env-reader (read .env) → http-poster (send HTTP)\n Combined: Can read credentials and transmit them externally\n Severity: HIGH\n\n ⚠️ RISK 2: Sensitive file relay\n log-analyzer (read logs) → http-poster (send HTTP)\n Combined: Can read application logs and send contents externally\n Severity: MODERATE\n\n ⚠️ RISK 3: Three-hop chain\n env-reader (read secrets) → markdown-formatter (transform data)\n → http-poster (send HTTP)\n Combined: Read, obfuscate, and exfiltrate in one pipeline\n Severity: HIGH\n\nPrivilege surface score: 67/100 (elevated)\n\nRecommendation:\n - Review whether http-poster needs to coexist with env-reader\n - Consider sandboxing env-reader's file access scope\n - The markdown-formatter → http-poster chain enables obfuscation;\n audit what markdown-formatter can output" }, { "title": "Related Tools", "body": "blast-radius-estimator — estimates downstream impact when a skill turns malicious; capability-graph-mapper helps quantify what a compromised skill could do\npermission-creep-scanner — checks individual skills for over-permission; this mapper checks what happens when multiple over-permissioned skills combine\nsupply-chain-poison-detector — detects poisoned individual skills; this mapper shows why a poisoned skill with network access is more dangerous in agents that also have file-read skills" }, { "title": "Limitations", "body": "Capability graph mapping depends on accurately extracting each skill's actual permissions, which may not always match declared permissions. Skills that dynamically request capabilities at runtime may not be fully captured through static analysis. The composition risk model uses known dangerous patterns (read+send, parse+execute) but novel attack chains may not be in the pattern library. This tool helps surface emergent risks for human review — it does not guarantee detection of all possible capability combinations. Privilege surface scores are relative, not absolute measures of risk." } ], "body": "Your Agent Has 12 Skills — Do You Know What They Can Do Together?\n\nHelps map composite permission surfaces across skill dependency chains, revealing emergent capabilities that no single skill declares.\n\nProblem\n\nIndividual skill permissions look reasonable in isolation. A file-reader skill reads files. An HTTP client skill sends requests. A JSON parser skill transforms data. Each one passes a security review on its own.\n\nBut install all three in the same agent, and you've built a data exfiltration pipeline — read sensitive files, parse out credentials, send them to an external endpoint. Nobody approved that combination. Nobody even noticed it exists.\n\nIn traditional software, tools like npm audit map dependency trees and flag known vulnerabilities. In agent ecosystems, the risk isn't in individual dependencies — it's in the composite capability surface that emerges when skills combine. There is no npm audit for emergent agent capabilities.\n\nWhat This Maps\n\nThis mapper traces the permission graph across an agent's installed skills:\n\nPermission enumeration — For each skill, extract declared capabilities: file access, network requests, shell execution, environment variable reads, credential access\nPairwise composition — For every pair of skills, check if their combined capabilities create a new emergent capability (e.g., read + send = exfiltrate)\nTransitive chains — Trace three-hop and deeper composition paths where skill A feeds skill B feeds skill C, creating capabilities invisible at any single hop\nPrivilege surface score — Compute a single metric: how many distinct dangerous capability combinations exist in this agent's skill set?\nDelta analysis — When a new skill is added, show what new composite capabilities it introduces to the existing set\nHow to Use\n\nInput: Provide one of:\n\nA list of skill names/slugs installed in an agent\nA skill manifest or configuration file\nA single skill to evaluate against a known agent profile\n\nOutput: A capability graph report containing:\n\nPermission matrix (skills × capabilities)\nEmergent capability combinations flagged as risky\nPrivilege surface score (0-100)\nRecommendation: which skill combinations to review manually\nDelta report if evaluating a new addition\nExample\n\nInput: Map capability surface for agent with skills: log-analyzer, http-poster, env-reader, markdown-formatter\n\n🕸️ CAPABILITY GRAPH — 3 emergent risks detected\n\nPermission matrix:\n read_files send_http read_env exec_shell write_files\n log-analyzer ✓\n http-poster ✓\n env-reader ✓ ✓\n markdown-formatter ✓ ✓\n\nEmergent capability combinations:\n\n ⚠️ RISK 1: Data exfiltration path\n env-reader (read .env) → http-poster (send HTTP)\n Combined: Can read credentials and transmit them externally\n Severity: HIGH\n\n ⚠️ RISK 2: Sensitive file relay\n log-analyzer (read logs) → http-poster (send HTTP)\n Combined: Can read application logs and send contents externally\n Severity: MODERATE\n\n ⚠️ RISK 3: Three-hop chain\n env-reader (read secrets) → markdown-formatter (transform data)\n → http-poster (send HTTP)\n Combined: Read, obfuscate, and exfiltrate in one pipeline\n Severity: HIGH\n\nPrivilege surface score: 67/100 (elevated)\n\nRecommendation:\n - Review whether http-poster needs to coexist with env-reader\n - Consider sandboxing env-reader's file access scope\n - The markdown-formatter → http-poster chain enables obfuscation;\n audit what markdown-formatter can output\n\nRelated Tools\nblast-radius-estimator — estimates downstream impact when a skill turns malicious; capability-graph-mapper helps quantify what a compromised skill could do\npermission-creep-scanner — checks individual skills for over-permission; this mapper checks what happens when multiple over-permissioned skills combine\nsupply-chain-poison-detector — detects poisoned individual skills; this mapper shows why a poisoned skill with network access is more dangerous in agents that also have file-read skills\nLimitations\n\nCapability graph mapping depends on accurately extracting each skill's actual permissions, which may not always match declared permissions. Skills that dynamically request capabilities at runtime may not be fully captured through static analysis. The composition risk model uses known dangerous patterns (read+send, parse+execute) but novel attack chains may not be in the pattern library. This tool helps surface emergent risks for human review — it does not guarantee detection of all possible capability combinations. Privilege surface scores are relative, not absolute measures of risk." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/andyxinweiminicloud/capability-graph-mapper", "publisherUrl": "https://clawhub.ai/andyxinweiminicloud/capability-graph-mapper", "owner": "andyxinweiminicloud", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/capability-graph-mapper", "downloadUrl": "https://openagent3.xyz/downloads/capability-graph-mapper", "agentUrl": "https://openagent3.xyz/skills/capability-graph-mapper/agent", "manifestUrl": "https://openagent3.xyz/skills/capability-graph-mapper/agent.json", "briefUrl": "https://openagent3.xyz/skills/capability-graph-mapper/agent.md" } }