OpenClaw

Skill details (on-site mirror, no comments)

Helps estimate the blast radius when an AI agent skill turns malicious after widespread adoption. Analyzes inheritance chains, dependency graphs, and adoptio...

Development & DevOps

License: MIT-0

MIT-0 · Free to use, modify, and redistribute. No attribution required.

Version: v1.0.0

Stats: ⭐ 0 · 360 · 0 current installs · 0 all-time installs

🛡 VirusTotal: benign · OpenClaw: benign

Package:andyxinweiminicloud/blast-radius-estimator

Security scan (ClawHub)

  • VirusTotal: benign
  • OpenClaw: benign

OpenClaw assessment

Instruction-only estimator that is internally consistent with its stated purpose (web fetching + local analysis), but the SKILL.md omits details about data sources and authentication for private marketplace metrics.

Purpose

The name and description (estimating blast radius from adoption/inheritance) align with the declared requirements: curl to fetch web/marketplace pages and python3 to analyze/visualize data. Requiring no credentials is reasonable for public data scanning; the skill does not ask for unrelated capabilities.

Instruction scope

SKILL.md confines itself to taking an identifier/URL and producing an adoption/inheritance analysis. It does not instruct the agent to read local files, environment secrets, or other system state. However, it is vague about what external data sources or APIs will be used and how (e.g., scraping public pages vs. querying private marketplace APIs), which affects what the tool can actually deliver.

Install mechanism

No install spec and no code files — instruction-only. This is low-risk: nothing is downloaded or written to disk by the skill package itself.

Credentials

The skill requests no environment variables or credentials. That is proportionate for analyses that rely on public data. If private marketplace metrics or account-scoped download counts are required, the SKILL.md does not declare those credentials, which would be needed later.

Persistence

always is false and the skill is user-invocable. disable-model-invocation is false (normal). There is no indication the skill requests persistent system privileges or config changes.

Overall conclusion

This skill appears coherent and low-risk as an instruction-only tool that fetches web data and analyzes it with Python. Before installing or enabling it: confirm where it will obtain adoption/installation metrics (public pages vs private API), and whether it will later request API keys or elevated access; if you expect private marketplace data, require declared credentials and explicit consent before providing them. Consider limiting autonomou…

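Install (copy to Lobster AI)

Copy the entire block below into a Lobster Chinese Library chat, and Lobster will complete the installation according to SKILL.md.

Please hand this block to Lobster Chinese Library (Lobster AI) to execute: install the OpenClaw skill "Blast Radius Estimator" on this machine. Summary: Helps estimate the blast radius when an AI agent skill turns malicious after wi….
Please fetch the following address to read SKILL.md and complete the installation as documented: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/andyxinweiminicloud/blast-radius-estimator/SKILL.md
(Source: yingzhi8.cn skill library)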

SKILL.md

---
name: blast-radius-estimator
description: >
  Helps estimate the blast radius when an AI agent skill turns malicious
  after widespread adoption. Analyzes inheritance chains, dependency graphs,
  and adoption trends to project how many agents could be affected.
version: 1.0.0
metadata:
  openclaw:
    requires:
      bins: [curl, python3]
      env: []
    emoji: "💥"
---

# What Happens When 1000 Agents Inherit a Malicious Skill? Estimating Blast Radius

> Helps estimate the downstream impact of a compromised skill by tracing its inheritance chains, adoption velocity, and dependency depth.

## Problem

A skill is safe today. 500 agents adopt it. Then the publisher pushes a malicious update. How many agents are now compromised? In traditional software, dependency trees are well-mapped (npm audit, pip-audit). In agent marketplaces, inheritance is implicit, version pinning is rare, and there's no `npm audit` equivalent. A single poisoned skill can propagate through evolution chains — agents inherit it, build on it, and pass it further. Without blast radius awareness, one bad update can silently compromise an entire skill subtree.

## What This Checks

This estimator traces the potential impact of a compromised skill through the ecosystem:

1. **Direct adopters** — How many agents currently use this skill directly? Based on download counts, citation data, and known installations
2. **Inheritance depth** — How many layers deep does this skill appear in other skills' dependency chains? A skill used by skills used by skills multiplies impact
3. **Adoption velocity** — How fast is adoption growing? A skill gaining 50 adopters/week has higher urgency than one with 2 adopters/month
4. **Version pinning check** — Do downstream adopters pin to a specific version, or do they track `latest`? Unpinned adopters receive malicious updates automatically
5. **Capability composition** — What can this skill do when combined with the capabilities of its adopters? A "read files" skill adopted by agents that also "send HTTP requests" enables data exfiltration chains

## How to Use

**Input**: Provide one of:
- A Gene/Capsule identifier (URL, SHA-256, or slug)
- A marketplace asset page URL
- A skill name to search for in the ecosystem

**Output**: A blast radius report containing:
- Estimated direct and transitive impact count
- Inheritance tree visualization
- Adoption trend (growing / stable / declining)
- Worst-case scenario projection
- Urgency rating: LOW / MODERATE / HIGH / CRITICAL

## Example

**Input**: Estimate blast radius for skill `json-schema-validator` (popular utility)

```
💥 BLAST RADIUS ESTIMATE — HIGH urgency

Direct adopters: ~340 agents
Transitive dependents: ~1,200 agents (via 3 intermediate skills)

Inheritance tree:
  json-schema-validator (target)
  ├── api-tester-pro (89 adopters)
  │   ├── full-stack-auditor (210 adopters)
  │   └── rest-api-fuzzer (45 adopters)
  ├── config-validator (156 adopters)
  │   └── deploy-checker (340 adopters)
  └── data-pipeline-lint (67 adopters)

Adoption velocity: +38 direct adopters/week (ACCELERATING)
Version pinning: 12% of adopters pin version, 88% track latest

Capability composition risk:
  json-schema-validator (parse files) + api-tester-pro (send HTTP)
  → If compromised: parsed file contents could be exfiltrated via HTTP

Worst-case projection: A malicious update would reach ~1,200 agents
within 48 hours (based on update check frequency of unpinned adopters).

Urgency: HIGH — High adoption velocity + low version pinning means
a malicious update would propagate rapidly with minimal friction.

Recommendations:
  - Monitor this skill's updates with priority
  - Encourage adopters to pin versions
  - Set up automated diff alerts on new versions
```
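
The impact-count, inheritance-depth, version-pinning and capability-composition checks can be sketched as a walk over the inheritance graph. This is an added Python example, not part of the skill or its SKILL.md: skill names and adopter counts are taken from the sample report, while the pin percentages (other than the target's 12%), the capability labels and the `EXFIL_PAIRS` table are assumptions. Each skill's pinned share is treated as adopters who would not receive an update automatically, and the totals are this model's own rather than a reproduction of the report's figures.

```python
from collections import deque

# Constructed sample data. Names and adopter counts mirror the example report;
# pin percentages (except the target's 12%) and capabilities are assumptions.
ADOPTERS = {"json-schema-validator": 340, "api-tester-pro": 89,
            "full-stack-auditor": 210, "rest-api-fuzzer": 45,
            "config-validator": 156, "deploy-checker": 340,
            "data-pipeline-lint": 67}
PINNED_PCT = {"json-schema-validator": 12, "api-tester-pro": 0,
              "full-stack-auditor": 10, "rest-api-fuzzer": 0,
              "config-validator": 50, "deploy-checker": 25,
              "data-pipeline-lint": 0}
CAPS = {"json-schema-validator": {"read_files"},
        "api-tester-pro": {"send_http"}, "rest-api-fuzzer": {"send_http"}}
# skill -> skills that inherit from it
DEPENDENTS = {
    "json-schema-validator": ["api-tester-pro", "config-validator",
                              "data-pipeline-lint"],
    "api-tester-pro": ["full-stack-auditor", "rest-api-fuzzer"],
    "config-validator": ["deploy-checker"],
}
# Hypothetical (source, sink) capability pairs that form an exfiltration chain.
EXFIL_PAIRS = {("read_files", "send_http")}


def blast_radius(target, dependents=DEPENDENTS):
    """Breadth-first walk of the inheritance graph starting at `target`."""
    depth = {target: 0}
    queue = deque([target])
    while queue:
        skill = queue.popleft()
        for child in dependents.get(skill, []):
            if child not in depth:  # count once, even with diamonds or cycles
                depth[child] = depth[skill] + 1
                queue.append(child)
    downstream = [s for s in depth if s != target]
    chains = sorted(s for s in downstream
                    if any((src, sink) in EXFIL_PAIRS
                           for src in CAPS.get(target, ())
                           for sink in CAPS.get(s, ())))
    exposed = sum(ADOPTERS[s] * (100 - PINNED_PCT[s]) for s in depth)
    return {
        "direct": ADOPTERS[target],
        "transitive": sum(ADOPTERS[s] for s in downstream),
        "max_depth": max(depth.values()),
        # Adopters tracking `latest`, who would receive an update automatically.
        "auto_updated": exposed // 100,
        "exfil_chains": chains,
    }
```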

## Limitations

Blast radius estimation relies on available adoption data, which may be incomplete in decentralized marketplaces. Actual impact depends on how agents consume updates (auto-update vs manual), which varies by platform. Estimates represent potential exposure, not confirmed compromise. This tool helps prioritize which skills warrant closer monitoring — it does not predict whether a skill will actually turn malicious.