Permission Creep Scanner
by andyxinweiminicloud · v1.0.0
524 Downloads · 0 Stars · 1 Active Installs · 1 Versions
Install in OpenClaw
/install permission-creep-scanner
Description
Helps detect permission creep in AI agent skills — flags when a skill's actual code accesses resources far beyond what its declared purpose requires, like a...
Usage Guidance
This skill appears coherent and appropriate for auditing other skills. Before using it, avoid supplying real secrets or credentials as sample input (do not paste .env files or live API keys). If you provide a URL for the skill to fetch, treat that like running an untrusted network resource: only give URLs you trust. If you need higher assurance, run the scanner in an isolated environment or review its output manually rather than letting it autonomously fetch or process data.
Capability Analysis
Type: OpenClaw Skill
Name: permission-creep-scanner
Version: 1.0.0
This skill is a 'permission-creep-scanner' designed to detect malicious behavior and over-permissioning in other AI agent skills. The `SKILL.md` file clearly outlines its purpose, the types of security risks it identifies (e.g., sensitive file access, environment variable exfiltration, network calls with API keys, shell access), and provides an example of a malicious skill that it would flag. There is no evidence of malicious intent or prompt injection within the skill's own description or metadata; instead, it serves as a security analysis tool.
Capability Assessment
Purpose & Capability
The skill claims to analyze source code for permission mismatches. Requiring python3 (for analysis) and curl (to fetch an EvoMap/asset URL) is reasonable and proportionate to that purpose; no unrelated environment variables, credentials, or config paths are requested.
Instruction Scope
SKILL.md describes static analysis of provided source (capsule JSON, raw source, or asset URL) and shows expected outputs. It does not instruct the agent to read the host's filesystem or environment beyond fetching provided inputs. The guidance is limited to analyzing the supplied code and reporting mismatches.
Install Mechanism
There is no install spec (instruction-only), so nothing will be written to disk. This is the lowest-risk install model and aligns with the skill's description.
Credentials
The skill declares no required env vars or credentials. The lack of secrets or unrelated config access is proportionate to a static-analysis tool.
Persistence & Privilege
The skill is not forced-always, does not request persistent presence, and defaults for autonomous invocation are unchanged. There is no evidence it modifies other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install permission-creep-scanner
- After installation, invoke the skill by name or use /permission-creep-scanner
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — scans AI agent skills for permission creep.
- Analyzes skill code to identify resource access (files, environment variables, network, subprocess).
- Extracts declared purpose from skill metadata and compares it to actual code behavior.
- Flags permission mismatches, sensitive path access, and escalation patterns.
- Provides structured audit output: declared scope, access list, mismatches, risk rating, and recommendations.
Frequently Asked Questions
What is Permission Creep Scanner?
Helps detect permission creep in AI agent skills — flags when a skill's actual code accesses resources far beyond what its declared purpose requires, like a... It is an AI Agent Skill for Claude Code / OpenClaw, with 524 downloads so far.
How do I install Permission Creep Scanner?
Run "/install permission-creep-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Permission Creep Scanner free?
Yes, Permission Creep Scanner is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Permission Creep Scanner support?
Permission Creep Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Permission Creep Scanner?
It is built and maintained by andyxinweiminicloud (@andyxinweiminicloud); the current version is v1.0.0.