2.6k
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
3 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill openclaw/skills --skill install-then-update-trap-detector- _meta.json331 B
- SKILL.md8.8 KB
Overview
This skill helps detect the install-then-update attack pattern, where a skill passes initial review and later introduces malicious behavior via automatic updates. v1.1 adds cryptographic chain-of-custody verification to validate update sequences and spot breaks in custody. It produces a concise risk verdict and concrete remediation steps for suspected trap patterns.
How this skill works
The detector analyzes a skill across transparency, behavioral deltas, permission scope changes, update timing, rollback feasibility, and cryptographic chain-of-custody. It compares declared changelogs and permissions against observed behavior across versions and flags undeclared or suspicious changes. For v1.1, it verifies signed updates and hash-chained references to detect breaks in update custody.
When to use it
- Audit previously vetted skills that are automatically updating in production
- Compare two specific versions after a suspicious change is observed
- Assess an agent’s installed skill set for combined post-install update risk
- Prioritize manual review targets when registries expose version history
- Validate update signing and hash chains before allowing automated upgrades
Best practices
- Disable automatic updates where possible until update policies and signing are verified
- Require machine-readable changelogs and declared permission changes for each release
- Preserve and archive all historical versions to enable behavioral comparison
- Prefer registries that publish signed update metadata and independent transparency logs
- Treat timing anomalies and scope expansion as triggers for manual code review
Example use cases
- Assess a library that moved from v1.0 → v1.2 after an operator noticed unexpected outbound traffic
- Scan an agent’s installed skill list to identify components with silent policy changes
- Validate that a vendor’s update sequence forms an unbroken cryptographic chain before re-enabling auto-update
- Rank skills for manual auditing based on combined transparency, permission creep, and timing flags
FAQ
No. The tool identifies signals — undeclared behavior, scope creep, timing anomalies, and custody breaks — that warrant manual review; it does not replace code audits.
What if the registry doesn’t keep older versions or signing metadata?
Behavioral delta and chain verification will be limited. The detector will still flag missing history or unsigned updates as higher risk, but full comparison may be impossible.