{
  "schemaVersion": "1.0",
  "item": {
    "slug": "skill-dependency-chain-auditor",
    "name": "Skill Dependency Chain Auditor",
    "source": "tencent",
    "type": "skill",
    "category": "AI 智能",
    "sourceUrl": "https://clawhub.ai/andyxinweiminicloud/skill-dependency-chain-auditor",
    "canonicalUrl": "https://clawhub.ai/andyxinweiminicloud/skill-dependency-chain-auditor",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/skill-dependency-chain-auditor",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-dependency-chain-auditor",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "SKILL.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-30T16:55:25.780Z",
      "expiresAt": "2026-05-07T16:55:25.780Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
        "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/skill-dependency-chain-auditor"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/skill-dependency-chain-auditor",
    "agentPageUrl": "https://openagent3.xyz/skills/skill-dependency-chain-auditor/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skill-dependency-chain-auditor/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skill-dependency-chain-auditor/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "Your Skill's Dependency Is Safe. Its Dependency's Dependency Is Not.",
        "body": "Helps identify vulnerabilities in transitive skill dependency chains —\nthe attack surface that direct dependency auditing cannot see."
      },
      {
        "title": "Problem",
        "body": "Agent skills rarely operate in isolation. A skill that provides a useful\ncapability often depends on other skills for sub-capabilities: a data\nprocessing skill may depend on a file parsing skill that depends on a format\nconversion skill. Each link in this dependency chain is a potential\nvulnerability entry point — and auditing only the top-level skill misses\neverything below it.\n\nThe transitive dependency problem in agent ecosystems mirrors the problem\nthat produced major software supply chain incidents: auditors focused on the\nimmediate code, not the full dependency tree. An attacker who cannot\ncompromise a well-audited top-level skill can achieve the same result by\ncompromising a less-scrutinized dependency that the top-level skill trusts\nimplicitly.\n\nTransitive dependencies compound the blast radius problem. A vulnerability\nin a foundational skill used by many other skills as a dependency propagates\nupward through the entire dependency graph. An agent with five installed\nskills, each depending on three sub-skills, may have an effective dependency\nsurface of fifteen or more skills — most of which received no direct review\nat install time.\n\nThe audit gap is structural. Standard skill marketplace reviews evaluate\npublished skills as independent units. They do not trace dependency chains,\nassess the composition of trust across dependency links, or flag cases where\na safe skill depends on an unaudited or compromised skill. The trust granted\nto a skill implicitly extends to everything it depends on — and that implicit\nextension is unverified."
      },
      {
        "title": "What This Audits",
        "body": "This auditor examines skill dependency chain integrity across five dimensions:\n\nTransitive dependency inventory — What is the complete set of skills\nthat a given skill transitively depends on? Direct dependencies are the\nvisible surface; transitive dependencies are the actual attack surface.\nThe auditor maps the full dependency graph, not just the first level\n\n\nTrust gradient across the chain — Do the trust levels of skills in\nthe dependency chain decrease as depth increases? High-trust top-level\nskills depending on lower-trust sub-skills create a trust gradient that\nattackers can exploit by targeting the less-scrutinized lower levels\n\n\nDependency version pinning — Are dependency references pinned to\nspecific verified versions, or are they floating references that can be\nsilently satisfied by updated versions? Floating dependencies allow\ndependency-level install-then-update attacks that bypass top-level auditing\n\n\nCircular and diamond dependency detection — Does the dependency graph\ncontain circular references or diamond patterns (multiple paths converging\non the same dependency) that create ordering ambiguity or amplify the\nblast radius of a single dependency compromise?\n\n\nCapability aggregation across the chain — What is the combined\ncapability set of the full dependency tree? Skills that individually\ndeclare limited capabilities may collectively provide a combined capability\nnot declared at any level of the tree"
      },
      {
        "title": "How to Use",
        "body": "Input: Provide one of:\n\nA skill identifier to audit its full transitive dependency chain\nAn agent's installed skill list to map the combined dependency graph\nTwo skill identifiers to check for shared dependency paths (common attack surface)\n\nOutput: A dependency chain audit report containing:\n\nFull transitive dependency inventory with trust levels\nTrust gradient analysis\nVersion pinning assessment\nGraph structure anomalies (circular, diamond)\nAggregated capability surface across the full chain\nChain integrity verdict: SOUND / DEGRADED / VULNERABLE / COMPROMISED"
      },
      {
        "title": "Example",
        "body": "Input: Audit dependency chain for document-analyzer skill\n\n⛓️ SKILL DEPENDENCY CHAIN AUDIT\n\nSkill: document-analyzer v2.1\nAudit timestamp: 2025-12-01T11:00:00Z\n\nTransitive dependency inventory:\n  Level 1 (direct):\n    text-extractor v1.4 [trust: HIGH, audited 2025-06-01]\n    format-converter v2.0 [trust: HIGH, audited 2025-07-15]\n    metadata-parser v1.2 [trust: MEDIUM, audited 2025-03-10]\n\n  Level 2 (dependencies of direct deps):\n    unicode-normalizer v3.1 (dep of text-extractor)\n      [trust: HIGH, audited 2025-08-01]\n    charset-detector v1.8 (dep of text-extractor)\n      [trust: LOW, last audited 2024-01-15 — 11 months ago] ⚠️\n    pdf-parser v4.2 (dep of format-converter)\n      [trust: HIGH, audited 2025-09-01]\n    xml-parser v2.3 (dep of format-converter)\n      [trust: MEDIUM, audited 2025-05-01]\n    mime-detector v1.1 (dep of metadata-parser)\n      [trust: UNVERIFIED, no audit record found] ⚠️\n\n  Level 3 (transitive):\n    encoding-tables v2.0 (dep of charset-detector)\n      [trust: LOW, 18-month-old audit] ⚠️\n    http-fetcher v1.5 (dep of mime-detector) ⚠️\n      [trust: UNVERIFIED, no audit record]\n      → http-fetcher adds OUTBOUND-NETWORK capability not declared at top level ⚠️⚠️\n\nTrust gradient:\n  document-analyzer: HIGH\n  Level 1 average: MEDIUM-HIGH\n  Level 2 average: LOW-MEDIUM (two unverified/stale)\n  Level 3: UNVERIFIED (critical outbound capability)\n  → Trust degrades significantly at depth ⚠️\n\nVersion pinning:\n  text-extractor: pinned to v1.4 ✅\n  format-converter: ^2.0 (floating minor/patch) ⚠️\n  metadata-parser: latest (unpinned) ⚠️\n  → 2 of 3 direct dependencies allow silent updates\n\nDependency graph structure:\n  charset-detector: shared between text-extractor and metadata-parser\n  → Diamond pattern: charset-detector compromise affects two paths ⚠️\n  No circular dependencies detected ✅\n\nAggregated capability surface:\n  Declared (document-analyzer): file-read (scoped), text processing\n  Actual (full chain): file-read (scoped) + network-outbound (via http-fetcher)\n  → Undeclared capability: OUTBOUND-NETWORK from http-fetcher ⚠️\n\nChain integrity verdict: VULNERABLE\n  document-analyzer's dependency chain contains an unverified skill\n  (mime-detector) that itself depends on http-fetcher, adding outbound\n  network capability not declared at any level of the chain. Two direct\n  dependencies are floating (unpinned), and charset-detector forms a\n  diamond pattern amplifying its blast radius. The trust gradient degrades\n  from HIGH at the top level to UNVERIFIED at depth.\n\nRecommended actions:\n  1. Audit mime-detector and http-fetcher before any production use\n  2. Pin all dependency versions (especially format-converter and metadata-parser)\n  3. Investigate why http-fetcher is in the dependency chain — outbound network\n     capability is not consistent with document analysis functionality\n  4. Apply network-outbound monitoring to document-analyzer instances\n  5. Treat document-analyzer as having OUTBOUND-NETWORK capability\n     for permission management purposes"
      },
      {
        "title": "Related Tools",
        "body": "capability-composition-analyzer — Identifies dangerous capability\ncombinations across an agent's installed skills; dependency chain auditor\nidentifies how those capabilities are acquired through dependency chains\nrather than direct skill installation\nsupply-chain-poison-detector — Detects malicious code in individual skills;\ndependency chain auditor maps the full attack surface that supply chain attacks\ncan exploit through transitive dependencies\nblast-radius-estimator — Estimates propagation impact if a skill is\ncompromised; transitive dependencies amplify blast radius by extending the\neffective attack surface beyond what direct agent-to-skill relationships show\ntrust-decay-monitor — Tracks verification freshness decay; dependency chains\naccumulate trust decay when lower-level dependencies go unaudited while\ntop-level skills maintain current audit records"
      },
      {
        "title": "Limitations",
        "body": "Skill dependency chain auditing requires accurate dependency metadata for all\nskills in the chain, which depends on marketplace dependency declaration\nstandards. Skills that do not declare dependencies explicitly — or that load\ndependencies dynamically at runtime — will produce incomplete dependency graphs.\nTransitive dependency mapping requires recursive access to dependency metadata\nacross the full chain; registries that do not provide this information limit\nanalysis to direct dependencies only. The capability aggregation analysis\ndepends on accurate capability declarations at each level; skills that acquire\ncapabilities dynamically or through side channels will be missed. Diamond\ndependency analysis identifies structural amplification risk; whether a shared\ndependency is actually exploited depends on factors beyond static graph analysis."
      }
    ],
    "body": "Your Skill's Dependency Is Safe. Its Dependency's Dependency Is Not.\n\nHelps identify vulnerabilities in transitive skill dependency chains — the attack surface that direct dependency auditing cannot see.\n\nProblem\n\nAgent skills rarely operate in isolation. A skill that provides a useful capability often depends on other skills for sub-capabilities: a data processing skill may depend on a file parsing skill that depends on a format conversion skill. Each link in this dependency chain is a potential vulnerability entry point — and auditing only the top-level skill misses everything below it.\n\nThe transitive dependency problem in agent ecosystems mirrors the problem that produced major software supply chain incidents: auditors focused on the immediate code, not the full dependency tree. An attacker who cannot compromise a well-audited top-level skill can achieve the same result by compromising a less-scrutinized dependency that the top-level skill trusts implicitly.\n\nTransitive dependencies compound the blast radius problem. A vulnerability in a foundational skill used by many other skills as a dependency propagates upward through the entire dependency graph. An agent with five installed skills, each depending on three sub-skills, may have an effective dependency surface of fifteen or more skills — most of which received no direct review at install time.\n\nThe audit gap is structural. Standard skill marketplace reviews evaluate published skills as independent units. They do not trace dependency chains, assess the composition of trust across dependency links, or flag cases where a safe skill depends on an unaudited or compromised skill. The trust granted to a skill implicitly extends to everything it depends on — and that implicit extension is unverified.\n\nWhat This Audits\n\nThis auditor examines skill dependency chain integrity across five dimensions:\n\nTransitive dependency inventory — What is the complete set of skills that a given skill transitively depends on? Direct dependencies are the visible surface; transitive dependencies are the actual attack surface. The auditor maps the full dependency graph, not just the first level\n\nTrust gradient across the chain — Do the trust levels of skills in the dependency chain decrease as depth increases? High-trust top-level skills depending on lower-trust sub-skills create a trust gradient that attackers can exploit by targeting the less-scrutinized lower levels\n\nDependency version pinning — Are dependency references pinned to specific verified versions, or are they floating references that can be silently satisfied by updated versions? Floating dependencies allow dependency-level install-then-update attacks that bypass top-level auditing\n\nCircular and diamond dependency detection — Does the dependency graph contain circular references or diamond patterns (multiple paths converging on the same dependency) that create ordering ambiguity or amplify the blast radius of a single dependency compromise?\n\nCapability aggregation across the chain — What is the combined capability set of the full dependency tree? Skills that individually declare limited capabilities may collectively provide a combined capability not declared at any level of the tree\n\nHow to Use\n\nInput: Provide one of:\n\nA skill identifier to audit its full transitive dependency chain\nAn agent's installed skill list to map the combined dependency graph\nTwo skill identifiers to check for shared dependency paths (common attack surface)\n\nOutput: A dependency chain audit report containing:\n\nFull transitive dependency inventory with trust levels\nTrust gradient analysis\nVersion pinning assessment\nGraph structure anomalies (circular, diamond)\nAggregated capability surface across the full chain\nChain integrity verdict: SOUND / DEGRADED / VULNERABLE / COMPROMISED\n\nExample\n\nInput: Audit dependency chain for document-analyzer skill\n\n⛓️ SKILL DEPENDENCY CHAIN AUDIT\n\nSkill: document-analyzer v2.1\nAudit timestamp: 2025-12-01T11:00:00Z\n\nTransitive dependency inventory:\n  Level 1 (direct):\n    text-extractor v1.4 [trust: HIGH, audited 2025-06-01]\n    format-converter v2.0 [trust: HIGH, audited 2025-07-15]\n    metadata-parser v1.2 [trust: MEDIUM, audited 2025-03-10]\n\n  Level 2 (dependencies of direct deps):\n    unicode-normalizer v3.1 (dep of text-extractor)\n      [trust: HIGH, audited 2025-08-01]\n    charset-detector v1.8 (dep of text-extractor)\n      [trust: LOW, last audited 2024-01-15 — 11 months ago] ⚠️\n    pdf-parser v4.2 (dep of format-converter)\n      [trust: HIGH, audited 2025-09-01]\n    xml-parser v2.3 (dep of format-converter)\n      [trust: MEDIUM, audited 2025-05-01]\n    mime-detector v1.1 (dep of metadata-parser)\n      [trust: UNVERIFIED, no audit record found] ⚠️\n\n  Level 3 (transitive):\n    encoding-tables v2.0 (dep of charset-detector)\n      [trust: LOW, 18-month-old audit] ⚠️\n    http-fetcher v1.5 (dep of mime-detector) ⚠️\n      [trust: UNVERIFIED, no audit record]\n      → http-fetcher adds OUTBOUND-NETWORK capability not declared at top level ⚠️⚠️\n\nTrust gradient:\n  document-analyzer: HIGH\n  Level 1 average: MEDIUM-HIGH\n  Level 2 average: LOW-MEDIUM (two unverified/stale)\n  Level 3: UNVERIFIED (critical outbound capability)\n  → Trust degrades significantly at depth ⚠️\n\nVersion pinning:\n  text-extractor: pinned to v1.4 ✅\n  format-converter: ^2.0 (floating minor/patch) ⚠️\n  metadata-parser: latest (unpinned) ⚠️\n  → 2 of 3 direct dependencies allow silent updates\n\nDependency graph structure:\n  charset-detector: shared between text-extractor and metadata-parser\n  → Diamond pattern: charset-detector compromise affects two paths ⚠️\n  No circular dependencies detected ✅\n\nAggregated capability surface:\n  Declared (document-analyzer): file-read (scoped), text processing\n  Actual (full chain): file-read (scoped) + network-outbound (via http-fetcher)\n  → Undeclared capability: OUTBOUND-NETWORK from http-fetcher ⚠️\n\nChain integrity verdict: VULNERABLE\n  document-analyzer's dependency chain contains an unverified skill\n  (mime-detector) that itself depends on http-fetcher, adding outbound\n  network capability not declared at any level of the chain. Two direct\n  dependencies are floating (unpinned), and charset-detector forms a\n  diamond pattern amplifying its blast radius. The trust gradient degrades\n  from HIGH at the top level to UNVERIFIED at depth.\n\nRecommended actions:\n  1. Audit mime-detector and http-fetcher before any production use\n  2. Pin all dependency versions (especially format-converter and metadata-parser)\n  3. Investigate why http-fetcher is in the dependency chain — outbound network\n     capability is not consistent with document analysis functionality\n  4. Apply network-outbound monitoring to document-analyzer instances\n  5. Treat document-analyzer as having OUTBOUND-NETWORK capability\n     for permission management purposes\n\nRelated Tools\n\ncapability-composition-analyzer — Identifies dangerous capability combinations across an agent's installed skills; dependency chain auditor identifies how those capabilities are acquired through dependency chains rather than direct skill installation\nsupply-chain-poison-detector — Detects malicious code in individual skills; dependency chain auditor maps the full attack surface that supply chain attacks can exploit through transitive dependencies\nblast-radius-estimator — Estimates propagation impact if a skill is compromised; transitive dependencies amplify blast radius by extending the effective attack surface beyond what direct agent-to-skill relationships show\ntrust-decay-monitor — Tracks verification freshness decay; dependency chains accumulate trust decay when lower-level dependencies go unaudited while top-level skills maintain current audit records\n\nLimitations\n\nSkill dependency chain auditing requires accurate dependency metadata for all skills in the chain, which depends on marketplace dependency declaration standards. Skills that do not declare dependencies explicitly — or that load dependencies dynamically at runtime — will produce incomplete dependency graphs. Transitive dependency mapping requires recursive access to dependency metadata across the full chain; registries that do not provide this information limit analysis to direct dependencies only. The capability aggregation analysis depends on accurate capability declarations at each level; skills that acquire capabilities dynamically or through side channels will be missed. Diamond dependency analysis identifies structural amplification risk; whether a shared dependency is actually exploited depends on factors beyond static graph analysis."
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/andyxinweiminicloud/skill-dependency-chain-auditor",
    "publisherUrl": "https://clawhub.ai/andyxinweiminicloud/skill-dependency-chain-auditor",
    "owner": "andyxinweiminicloud",
    "version": "1.0.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/skill-dependency-chain-auditor",
    "downloadUrl": "https://openagent3.xyz/downloads/skill-dependency-chain-auditor",
    "agentUrl": "https://openagent3.xyz/skills/skill-dependency-chain-auditor/agent",
    "manifestUrl": "https://openagent3.xyz/skills/skill-dependency-chain-auditor/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/skill-dependency-chain-auditor/agent.md"
  }
}