← Back to Skills Marketplace
Attack Surface Mapper
by
Adnane Arharbi
· GitHub ↗
· v1.0.0
· MIT-0
105
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install attack-surface-mapper
Description
Purple team — map agent's full attack surface by combining red team probes and blue team detections. Identify defense coverage gaps and prioritize hardening.
README (SKILL.md)
Attack Surface Mapper — Defense Coverage Matrix
Purpose
Provide a unified view of the agent's security posture by combining offensive test results (red team) with defensive detection capabilities (blue team). Identify gaps where attacks exist but no detection covers them.
Trigger
Run on:
- Weekly scheduled review
- After any security configuration change
- After installing/removing skills
- User request: "map attack surface", "security posture"
Attack Surface Categories
| Surface | Components | Example Vectors |
|---|---|---|
| CHANNELS | WhatsApp, Telegram, Discord, Slack, Signal, iMessage | Prompt injection, phishing, social engineering |
| SKILLS | All installed SKILL.md files | Malicious instructions, conflicting directives, data theft |
| TOOLS | exec, file system, browser, network | Command injection, path traversal, SSRF |
| MODELS | API endpoints (Anthropic, OpenAI, local) | Prompt injection, model confusion, jailbreak |
| MEMORY | .learnings/, .memory/, session state |
Memory poisoning, persistence, false context |
| INTER-AGENT | sessions_send, shared state, cross-session |
Agent-to-agent attack, lateral movement |
| SUPPLY CHAIN | ClawHub skills, npm packages, model providers | Typosquatting, compromised packages, model supply chain |
Core Workflow
- Enumerate all active surfaces (channels, skills, tools, models, memory stores)
- Load red team results from
.security/red-team/*.jsonl - Load blue team detections from
.security/audits/*.mdand firewall logs - For each surface × vector:
- Red tested? YES/NO
- Blue detected? YES/NO/PARTIAL
- Status: COVERED | PARTIAL | GAP
- Risk score each gap:
impact(1-5) × likelihood(1-5) - Generate coverage matrix and prioritized hardening plan
- Output to
.security/surface-map-YYYY-MM-DD.md
Coverage Matrix (example output)
| Surface | Vector | Red Tested | Blue Detected | Status | Risk Score | Priority |
|---|---|---|---|---|---|---|
| Channel | Prompt injection | YES | YES | COVERED | — | — |
| Channel | Encoded payload | YES | PARTIAL | PARTIAL | 12 | HIGH |
| Skill | Malicious SKILL.md | NO | NO | GAP | 20 | CRITICAL |
| Memory | Poisoning | YES | NO | GAP | 16 | HIGH |
| Supply chain | Typosquatting | NO | NO | GAP | 15 | HIGH |
Guardrails
- Read-only aggregation — never modifies defenses directly
- Gap data is confidential — stored in
.security/only - Recommendations are advisory — require human approval to implement
- Re-run after every hardening cycle to measure improvement
Capability Assessment
Purpose & Capability
Name/description align with what the files do: enumerate local attack surfaces, ingest red-team (.jsonl) and blue-team logs, score gaps, and write a report. The skill does not request unrelated credentials, binaries, or network access.
Instruction Scope
SKILL.md instructs the agent to read local security artifacts (.security/*) and produce reports — which matches the code. However there are several inconsistencies between prose and implementation that can cause missed or confusing results (see details): e.g., SKILL.md mentions '.security/audits/*.md' and firewall logs while the code reads .jsonl files in different directories; surface names/identifiers differ between SKILL.md, skill.json and index.js (e.g., 'INTER-AGENT' vs 'INTER_AGENT', 'supply-chain' vs 'SUPPLY_CHAIN'), which may lead to unscanned surfaces or false negatives. The guardrail
Install Mechanism
No install spec; this is effectively instruction + a local JS module. No downloads, no packages installed by the skill itself.
Credentials
The skill requires no environment variables, no credentials, and only reads files under .security subdirectories. This is proportionate for a local attack-surface mapper. There is no evidence of attempts to access unrelated config or secrets.
Persistence & Privilege
always:false and model invocation allowed are the defaults. The skill writes local reports to .security/surface-map (expected for its purpose). It does not modify other skills or system-wide settings.
scan_findings_in_context
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install attack-surface-mapper - After installation, invoke the skill by name or use
/attack-surface-mapper - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of Attack Surface Mapper skill.
- Maps an agent’s full attack surface by merging red team probes and blue team detections.
- Identifies and scores defense coverage gaps across defined surface categories (channels, skills, tools, models, memory, inter-agent, supply chain).
- Generates a prioritized hardening plan and outputs a detailed coverage matrix.
- Operates read-only, storing results confidentially and providing actionable recommendations for security posture improvement.
Metadata
Frequently Asked Questions
What is Attack Surface Mapper?
Purple team — map agent's full attack surface by combining red team probes and blue team detections. Identify defense coverage gaps and prioritize hardening. It is an AI Agent Skill for Claude Code / OpenClaw, with 105 downloads so far.
How do I install Attack Surface Mapper?
Run "/install attack-surface-mapper" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Attack Surface Mapper free?
Yes, Attack Surface Mapper is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Attack Surface Mapper support?
Attack Surface Mapper is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Attack Surface Mapper?
It is built and maintained by Adnane Arharbi (@arhadnane); the current version is v1.0.0.
More Skills