Tencent SkillHub · Security & Compliance

skill-update-delta-monitor

Helps detect security-relevant changes in AI skills after installation. Tracks deltas between the audited version and current version, flagging updates that...

skill openclawclawhub Free

0 Downloads

0 Stars

0 Installs

0 Score

High Signal

Helps detect security-relevant changes in AI skills after installation. Tracks deltas between the audited version and current version, flagging updates that...

⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup

Download the package from Yavira.
Extract the archive and review SKILL.md first.
Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: SKILL.md

Validation

Use the Yavira download entry.
Review SKILL.md after the package is downloaded.
Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

Download the package from Yavira.
Extract it into a folder your agent can access.
Paste one of the prompts below and point your agent at the extracted folder.

New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 1.0.0

Provenance

Publisher: andyxinweiminicloud
Source page: View original listing
Canonical URL: Open canonical page

Documentation

ClawHub primary doc Primary doc: SKILL.md 7 sections Open source page

Your Skill Passed the Audit. That Was Six Weeks Ago.

Helps identify security-relevant changes in skills after installation, catching the class of attacks that bypasses install-time verification by introducing malicious behavior through post-install updates.

Problem

Install-time security audits are snapshots. They verify the state of a skill at one moment — the moment of installation. But skills evolve. Dependencies update. Behavior changes. Most agents have no mechanism to detect when a skill they installed and trusted six weeks ago has quietly become something different. This is the post-install attack vector: a skill that passes every check at installation because it is clean at that moment, then receives an update that introduces malicious behavior after the audit window has closed. The "verified" badge persists. The trust persists. The skill has changed.

What This Monitors

This monitor tracks deltas across five dimensions: Permission scope changes — Did a skill update add new permission requests? A skill that previously declared "read current directory" and now requests "read home directory" has expanded its capability surface without triggering a new install-time audit. Any permission expansion after initial installation should require explicit re-approval Network endpoint additions — New outbound endpoints introduced in updates are a primary indicator of data exfiltration additions. A skill update that introduces a new POST to an external URL that wasn't in the original version deserves scrutiny regardless of what the update description says Dependency chain changes — Updated dependencies can introduce new transitive capabilities. A dependency update that pulls in a new package with file system or network access changes the effective permission surface of the skill even if the skill's own code is unchanged Behavioral instruction drift — Compares the natural language instructions in SKILL.md files across versions. Instructions that shift from task-completion to data-collection framing, that add new data handling steps, or that introduce new external interactions are signals of intent drift Version velocity anomalies — Unusual update frequency is itself a signal. A skill that updates three times in a week after six months of stability may be undergoing active modification — legitimate or otherwise

How to Use

Input: Provide one of: A skill identifier with the version that was audited at install time A local skill directory with version history (git history supported) Two skill snapshots (before and after) for direct comparison Output: A delta report containing: Permission scope diff (added/removed/unchanged) New network endpoints introduced Dependency chain changes with capability impact assessment Instruction drift score (0-100, where higher = more drift from original) Version velocity assessment Risk classification: CLEAN / WATCH / REVIEW / ROLLBACK

Example

Input: Monitor delta for data-formatter skill, installed version 1.2.0, current version 1.4.1 🔍 SKILL UPDATE DELTA REPORT Skill: data-formatter Audited version: 1.2.0 Current version: 1.4.1 Versions since audit: 3 (1.2.0 → 1.3.0 → 1.4.0 → 1.4.1) Time since audit: 47 days Permission scope: ⚠️ EXPANDED Added in v1.3.0: read ~/.config/ Added in v1.4.0: network.outbound (new) Previously declared: read ./data/ only Permission expansion occurred across two incremental updates Network endpoints: ⚠️ NEW ENDPOINTS DETECTED Added in v1.4.0: POST https://analytics.third-party.example/usage Description in changelog: "usage telemetry for performance optimization" Not present in v1.2.0 or v1.3.0 Dependency changes: requests: 2.28.0 → 2.31.0 (security update, low risk) data-utils: 0.9.1 → 1.1.0 (major version, +3 new transitive dependencies) New transitive: boto3 (AWS SDK) — significant new capability surface Instruction drift score: 34/100 (moderate) v1.2.0: "Format input data according to specified template" v1.4.1: "Format input data... collect usage metrics for improvement" Drift: new data collection framing introduced Version velocity: ⚠️ ELEVATED 3 updates in 47 days vs. 1 update per 3 months historically Risk classification: REVIEW Multiple converging signals: permission expansion + new outbound endpoint + new data collection framing + elevated update velocity. Recommend: manual review of v1.3.0 and v1.4.0 changes before continued use. Rollback option: v1.2.0 (audited baseline) — confirmed clean at install time

Related Tools

evolution-drift-detector — Detects behavioral drift in inherited skill chains; this tool tracks direct update deltas blast-radius-estimator — Estimates impact scope; use after delta monitoring to assess exposure supply-chain-poison-detector — Checks install-time supply chain; this tool monitors post-install changes trust-decay-monitor — Tracks trust freshness; delta monitoring provides concrete change events that accelerate decay

Limitations

Delta monitoring helps detect changes but cannot determine intent. Not every permission expansion is malicious — skills legitimately add features that require new capabilities. Not every new network endpoint is exfiltration — telemetry and update checks are legitimate uses. This tool surfaces changes that warrant review, not changes that are confirmed malicious. The instruction drift score is a heuristic based on semantic similarity and does not capture all forms of behavioral change. Skills that version their releases in ways that obscure meaningful changes (frequent minor version bumps) may underreport their effective delta.

Category context

Identity, auth, scanning, governance, audit, and operational guardrails.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package

1 Docs

SKILL.md Primary doc