← Back to Skills Marketplace
andyxinweiminicloud

Capability Graph Mapper

by andyxinweiminicloud · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
666
Downloads
1
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install capability-graph-mapper
Description
Helps map the composite permission surface across AI agent skill dependency chains. Traces what each skill can do individually, then computes what they can d...
README (SKILL.md)

\r \r

Your Agent Has 12 Skills — Do You Know What They Can Do Together?\r

\r

Helps map composite permission surfaces across skill dependency chains, revealing emergent capabilities that no single skill declares.\r \r

Problem\r

\r Individual skill permissions look reasonable in isolation. A file-reader skill reads files. An HTTP client skill sends requests. A JSON parser skill transforms data. Each one passes a security review on its own.\r \r But install all three in the same agent, and you've built a data exfiltration pipeline — read sensitive files, parse out credentials, send them to an external endpoint. Nobody approved that combination. Nobody even noticed it exists.\r \r In traditional software, tools like npm audit map dependency trees and flag known vulnerabilities. In agent ecosystems, the risk isn't in individual dependencies — it's in the composite capability surface that emerges when skills combine. There is no npm audit for emergent agent capabilities.\r \r

What This Maps\r

\r This mapper traces the permission graph across an agent's installed skills:\r \r

  1. Permission enumeration — For each skill, extract declared capabilities: file access, network requests, shell execution, environment variable reads, credential access\r
  2. Pairwise composition — For every pair of skills, check if their combined capabilities create a new emergent capability (e.g., read + send = exfiltrate)\r
  3. Transitive chains — Trace three-hop and deeper composition paths where skill A feeds skill B feeds skill C, creating capabilities invisible at any single hop\r
  4. Privilege surface score — Compute a single metric: how many distinct dangerous capability combinations exist in this agent's skill set?\r
  5. Delta analysis — When a new skill is added, show what new composite capabilities it introduces to the existing set\r \r

How to Use\r

\r Input: Provide one of:\r

  • A list of skill names/slugs installed in an agent\r
  • A skill manifest or configuration file\r
  • A single skill to evaluate against a known agent profile\r \r Output: A capability graph report containing:\r
  • Permission matrix (skills × capabilities)\r
  • Emergent capability combinations flagged as risky\r
  • Privilege surface score (0-100)\r
  • Recommendation: which skill combinations to review manually\r
  • Delta report if evaluating a new addition\r \r

Example\r

\r Input: Map capability surface for agent with skills: log-analyzer, http-poster, env-reader, markdown-formatter\r \r

🕸️ CAPABILITY GRAPH — 3 emergent risks detected\r
\r
Permission matrix:\r
                    read_files  send_http  read_env  exec_shell  write_files\r
  log-analyzer         ✓\r
  http-poster                      ✓\r
  env-reader           ✓                     ✓\r
  markdown-formatter   ✓                                ✓\r
\r
Emergent capability combinations:\r
\r
  ⚠️ RISK 1: Data exfiltration path\r
     env-reader (read .env) → http-poster (send HTTP)\r
     Combined: Can read credentials and transmit them externally\r
     Severity: HIGH\r
\r
  ⚠️ RISK 2: Sensitive file relay\r
     log-analyzer (read logs) → http-poster (send HTTP)\r
     Combined: Can read application logs and send contents externally\r
     Severity: MODERATE\r
\r
  ⚠️ RISK 3: Three-hop chain\r
     env-reader (read secrets) → markdown-formatter (transform data)\r
     → http-poster (send HTTP)\r
     Combined: Read, obfuscate, and exfiltrate in one pipeline\r
     Severity: HIGH\r
\r
Privilege surface score: 67/100 (elevated)\r
\r
Recommendation:\r
  - Review whether http-poster needs to coexist with env-reader\r
  - Consider sandboxing env-reader's file access scope\r
  - The markdown-formatter → http-poster chain enables obfuscation;\r
    audit what markdown-formatter can output\r
```\r
\r
## Related Tools\r
\r
- **blast-radius-estimator** — estimates downstream impact when a skill turns malicious; capability-graph-mapper helps quantify *what* a compromised skill could do\r
- **permission-creep-scanner** — checks individual skills for over-permission; this mapper checks what happens when multiple over-permissioned skills combine\r
- **supply-chain-poison-detector** — detects poisoned individual skills; this mapper shows why a poisoned skill with network access is more dangerous in agents that also have file-read skills\r
\r
## Limitations\r
\r
Capability graph mapping depends on accurately extracting each skill's actual permissions, which may not always match declared permissions. Skills that dynamically request capabilities at runtime may not be fully captured through static analysis. The composition risk model uses known dangerous patterns (read+send, parse+execute) but novel attack chains may not be in the pattern library. This tool helps surface emergent risks for human review — it does not guarantee detection of all possible capability combinations. Privilege surface scores are relative, not absolute measures of risk.\r
Usage Guidance
This skill is coherent: it declares and documents its purpose and needs few resources. Before installing, confirm where the agent will fetch skill manifests from and whether the analysis results are ever transmitted externally. Specifically: 1) Ask the publisher (or your admin) whether the tool will fetch manifests from the network and, if so, what endpoints it calls. 2) If you plan to run it against a live agent, ensure the agent only grants it read access to skill manifests (not to secrets, .env files, or arbitrary filesystem paths). 3) Because it uses curl/python at runtime (per metadata), run it in a sandbox or with least privilege if possible. 4) If you need higher assurance, request a source repo or a reproducible implementation so you can audit exactly what commands it runs.
Capability Analysis
Type: OpenClaw Skill Name: capability-graph-mapper Version: 1.0.0 This skill bundle describes a security analysis tool designed to map and report on composite permission surfaces and emergent capabilities across an AI agent's installed skills. It explicitly aims to detect potential data exfiltration paths and other risks. While it requires `curl` and `python3`, these are plausible tools for a security analysis script, and there are no instructions or code snippets indicating malicious intent, data exfiltration by this skill itself, or prompt injection attempts against the agent. The content focuses on identifying vulnerabilities in *other* skills, not performing malicious actions.
Capability Assessment
Purpose & Capability
Name, description, and SKILL.md all describe analyzing installed skills and computing composition paths. The declared requirements (curl, python3) are plausible for fetching manifests and doing analysis, though no code is provided — this is explainable for an instruction-only skill that invokes system tools.
Instruction Scope
SKILL.md focuses on enumerating declared permissions, pairwise/transitive composition, scoring, and delta analysis. It does not instruct reading arbitrary unrelated files, accessing environment variables, or transmitting results to unexpected remote endpoints. The instructions imply the agent will need access to skill manifests (local or remote), so runtime access to those manifests is expected.
Install Mechanism
No install spec and no code files — lowest-risk form. The skill is instruction-only, so nothing will be written to disk by an installer. The only install-related artifact is the requirement that curl and python3 be present on PATH.
Credentials
The skill requests no environment variables, no credential fields, and no config paths. That is proportionate to its stated purpose. Note: to perform analysis it may need read access to skill manifests or the ability to call network endpoints (curl) — these are not declared as environment/credential requirements but are reasonable runtime needs.
Persistence & Privilege
always is false and the skill does not request persistent system modifications. It is user-invocable and allows autonomous invocation by default (platform normal). There is no indication it modifies other skills' configurations or requires elevated, persistent privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install capability-graph-mapper
  3. After installation, invoke the skill by name or use /capability-graph-mapper
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of capability-graph-mapper. - Maps composite permission surfaces across agent skill dependency chains. - Identifies emergent capabilities created by skill combinations, not declared individually. - Generates a capability graph report with a permission matrix, risk flagging, privilege surface score, and actionable recommendations. - Supports input of agent skill lists or skill manifests. - Highlights risky skill pairings and transitive chains, and provides a delta analysis for new skill additions. - Designed to help agents and developers identify and review dangerous permission combinations before deployment.
Metadata
Slug capability-graph-mapper
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Capability Graph Mapper?

Helps map the composite permission surface across AI agent skill dependency chains. Traces what each skill can do individually, then computes what they can d... It is an AI Agent Skill for Claude Code / OpenClaw, with 666 downloads so far.

How do I install Capability Graph Mapper?

Run "/install capability-graph-mapper" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Capability Graph Mapper free?

Yes, Capability Graph Mapper is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Capability Graph Mapper support?

Capability Graph Mapper is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Capability Graph Mapper?

It is built and maintained by andyxinweiminicloud (@andyxinweiminicloud); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments