# Send skill-update-delta-monitor to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "skill-update-delta-monitor", "name": "skill-update-delta-monitor", "source": "tencent", "type": "skill", "category": "安全合规", "sourceUrl": "https://clawhub.ai/andyxinweiminicloud/skill-update-delta-monitor", "canonicalUrl": "https://clawhub.ai/andyxinweiminicloud/skill-update-delta-monitor", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/skill-update-delta-monitor", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-update-delta-monitor", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "SKILL.md" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "skill-update-delta-monitor", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-29T20:22:40.396Z", "expiresAt": "2026-05-06T20:22:40.396Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-update-delta-monitor", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=skill-update-delta-monitor", "contentDisposition": "attachment; filename=\"skill-update-delta-monitor-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "skill-update-delta-monitor" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/skill-update-delta-monitor" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/skill-update-delta-monitor", "downloadUrl": "https://openagent3.xyz/downloads/skill-update-delta-monitor", "agentUrl": "https://openagent3.xyz/skills/skill-update-delta-monitor/agent", "manifestUrl": "https://openagent3.xyz/skills/skill-update-delta-monitor/agent.json", "briefUrl": "https://openagent3.xyz/skills/skill-update-delta-monitor/agent.md" } } ``` ## Documentation ### Your Skill Passed the Audit. That Was Six Weeks Ago. Helps identify security-relevant changes in skills after installation, catching the class of attacks that bypasses install-time verification by introducing malicious behavior through post-install updates. ### Problem Install-time security audits are snapshots. They verify the state of a skill at one moment — the moment of installation. But skills evolve. Dependencies update. Behavior changes. Most agents have no mechanism to detect when a skill they installed and trusted six weeks ago has quietly become something different. This is the post-install attack vector: a skill that passes every check at installation because it is clean at that moment, then receives an update that introduces malicious behavior after the audit window has closed. The "verified" badge persists. The trust persists. The skill has changed. ### What This Monitors This monitor tracks deltas across five dimensions: Permission scope changes — Did a skill update add new permission requests? A skill that previously declared "read current directory" and now requests "read home directory" has expanded its capability surface without triggering a new install-time audit. Any permission expansion after initial installation should require explicit re-approval Network endpoint additions — New outbound endpoints introduced in updates are a primary indicator of data exfiltration additions. A skill update that introduces a new POST to an external URL that wasn't in the original version deserves scrutiny regardless of what the update description says Dependency chain changes — Updated dependencies can introduce new transitive capabilities. A dependency update that pulls in a new package with file system or network access changes the effective permission surface of the skill even if the skill's own code is unchanged Behavioral instruction drift — Compares the natural language instructions in SKILL.md files across versions. Instructions that shift from task-completion to data-collection framing, that add new data handling steps, or that introduce new external interactions are signals of intent drift Version velocity anomalies — Unusual update frequency is itself a signal. A skill that updates three times in a week after six months of stability may be undergoing active modification — legitimate or otherwise ### How to Use Input: Provide one of: A skill identifier with the version that was audited at install time A local skill directory with version history (git history supported) Two skill snapshots (before and after) for direct comparison Output: A delta report containing: Permission scope diff (added/removed/unchanged) New network endpoints introduced Dependency chain changes with capability impact assessment Instruction drift score (0-100, where higher = more drift from original) Version velocity assessment Risk classification: CLEAN / WATCH / REVIEW / ROLLBACK ### Example Input: Monitor delta for data-formatter skill, installed version 1.2.0, current version 1.4.1 🔍 SKILL UPDATE DELTA REPORT Skill: data-formatter Audited version: 1.2.0 Current version: 1.4.1 Versions since audit: 3 (1.2.0 → 1.3.0 → 1.4.0 → 1.4.1) Time since audit: 47 days Permission scope: ⚠️ EXPANDED Added in v1.3.0: read ~/.config/ Added in v1.4.0: network.outbound (new) Previously declared: read ./data/ only Permission expansion occurred across two incremental updates Network endpoints: ⚠️ NEW ENDPOINTS DETECTED Added in v1.4.0: POST https://analytics.third-party.example/usage Description in changelog: "usage telemetry for performance optimization" Not present in v1.2.0 or v1.3.0 Dependency changes: requests: 2.28.0 → 2.31.0 (security update, low risk) data-utils: 0.9.1 → 1.1.0 (major version, +3 new transitive dependencies) New transitive: boto3 (AWS SDK) — significant new capability surface Instruction drift score: 34/100 (moderate) v1.2.0: "Format input data according to specified template" v1.4.1: "Format input data... collect usage metrics for improvement" Drift: new data collection framing introduced Version velocity: ⚠️ ELEVATED 3 updates in 47 days vs. 1 update per 3 months historically Risk classification: REVIEW Multiple converging signals: permission expansion + new outbound endpoint + new data collection framing + elevated update velocity. Recommend: manual review of v1.3.0 and v1.4.0 changes before continued use. Rollback option: v1.2.0 (audited baseline) — confirmed clean at install time ### Related Tools evolution-drift-detector — Detects behavioral drift in inherited skill chains; this tool tracks direct update deltas blast-radius-estimator — Estimates impact scope; use after delta monitoring to assess exposure supply-chain-poison-detector — Checks install-time supply chain; this tool monitors post-install changes trust-decay-monitor — Tracks trust freshness; delta monitoring provides concrete change events that accelerate decay ### Limitations Delta monitoring helps detect changes but cannot determine intent. Not every permission expansion is malicious — skills legitimately add features that require new capabilities. Not every new network endpoint is exfiltration — telemetry and update checks are legitimate uses. This tool surfaces changes that warrant review, not changes that are confirmed malicious. The instruction drift score is a heuristic based on semantic similarity and does not capture all forms of behavioral change. Skills that version their releases in ways that obscure meaningful changes (frequent minor version bumps) may underreport their effective delta. ## Trust - Source: tencent - Verification: Indexed source record - Publisher: andyxinweiminicloud - Version: 1.0.0 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-04-29T20:22:40.396Z - Expires at: 2026-05-06T20:22:40.396Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/skill-update-delta-monitor) - [Send to Agent page](https://openagent3.xyz/skills/skill-update-delta-monitor/agent) - [JSON manifest](https://openagent3.xyz/skills/skill-update-delta-monitor/agent.json) - [Markdown brief](https://openagent3.xyz/skills/skill-update-delta-monitor/agent.md) - [Download page](https://openagent3.xyz/downloads/skill-update-delta-monitor)