← 返回 Skills 市场

Blast Radius Estimator

Name: Blast Radius Estimator
Author: andyxinweiminicloud

作者 andyxinweiminicloud · GitHub ↗ · v1.0.0

cross-platform ✓ 安全检测通过

536

总下载

当前安装

版本数

在 OpenClaw 中安装

/install blast-radius-estimator

功能描述

Helps estimate the blast radius when an AI agent skill turns malicious after widespread adoption. Analyzes inheritance chains, dependency graphs, and adoptio...

使用说明 (SKILL.md)

What Happens When 1000 Agents Inherit a Malicious Skill? Estimating Blast Radius

Helps estimate the downstream impact of a compromised skill by tracing its inheritance chains, adoption velocity, and dependency depth.

Problem

A skill is safe today. 500 agents adopt it. Then the publisher pushes a malicious update. How many agents are now compromised? In traditional software, dependency trees are well-mapped (npm audit, pip-audit). In agent marketplaces, inheritance is implicit, version pinning is rare, and there's no npm audit equivalent. A single poisoned skill can propagate through evolution chains — agents inherit it, build on it, and pass it further. Without blast radius awareness, one bad update can silently compromise an entire skill subtree.

What This Checks

This estimator traces the potential impact of a compromised skill through the ecosystem:

Direct adopters — How many agents currently use this skill directly? Based on download counts, citation data, and known installations
Inheritance depth — How many layers deep does this skill appear in other skills' dependency chains? A skill used by skills used by skills multiplies impact
Adoption velocity — How fast is adoption growing? A skill gaining 50 adopters/week has higher urgency than one with 2 adopters/month
Version pinning check — Do downstream adopters pin to a specific version, or do they track latest? Unpinned adopters receive malicious updates automatically
Capability composition — What can this skill do when combined with the capabilities of its adopters? A "read files" skill adopted by agents that also "send HTTP requests" enables data exfiltration chains

How to Use

Input: Provide one of:

A Gene/Capsule identifier (URL, SHA-256, or slug)
A marketplace asset page URL
A skill name to search for in the ecosystem

Output: A blast radius report containing:

Estimated direct and transitive impact count
Inheritance tree visualization
Adoption trend (growing / stable / declining)
Worst-case scenario projection
Urgency rating: LOW / MODERATE / HIGH / CRITICAL

Example

Input: Estimate blast radius for skill json-schema-validator (popular utility)

💥 BLAST RADIUS ESTIMATE — HIGH urgency

Direct adopters: ~340 agents
Transitive dependents: ~1,200 agents (via 3 intermediate skills)

Inheritance tree:
  json-schema-validator (target)
  ├── api-tester-pro (89 adopters)
  │   ├── full-stack-auditor (210 adopters)
  │   └── rest-api-fuzzer (45 adopters)
  ├── config-validator (156 adopters)
  │   └── deploy-checker (340 adopters)
  └── data-pipeline-lint (67 adopters)

Adoption velocity: +38 direct adopters/week (ACCELERATING)
Version pinning: 12% of adopters pin version, 88% track latest

Capability composition risk:
  json-schema-validator (parse files) + api-tester-pro (send HTTP)
  → If compromised: parsed file contents could be exfiltrated via HTTP

Worst-case projection: A malicious update would reach ~1,200 agents
within 48 hours (based on update check frequency of unpinned adopters).

Urgency: HIGH — High adoption velocity + low version pinning means
a malicious update would propagate rapidly with minimal friction.

Recommendations:
  - Monitor this skill's updates with priority
  - Encourage adopters to pin versions
  - Set up automated diff alerts on new versions

Limitations

Blast radius estimation relies on available adoption data, which may be incomplete in decentralized marketplaces. Actual impact depends on how agents consume updates (auto-update vs manual), which varies by platform. Estimates represent potential exposure, not confirmed compromise. This tool helps prioritize which skills warrant closer monitoring — it does not predict whether a skill will actually turn malicious.

安全使用建议

This skill appears coherent and low-risk as an instruction-only tool that fetches web data and analyzes it with Python. Before installing or enabling it: confirm where it will obtain adoption/installation metrics (public pages vs private API), and whether it will later request API keys or elevated access; if you expect private marketplace data, require declared credentials and explicit consent before providing them. Consider limiting autonomous invocation or network access if you do not want the agent to perform broad web scraping on its own. Finally, test with a non-sensitive identifier to validate outputs and observe what external endpoints are contacted.

功能分析

Type: OpenClaw Skill Name: blast-radius-estimator Version: 1.0.0 The OpenClaw skill 'blast-radius-estimator' is designed to analyze the potential impact of other malicious skills. The `SKILL.md` clearly describes its purpose, inputs, and outputs, which are all related to security analysis and risk estimation. It declares a dependency on common binaries (`curl`, `python3`) which are plausible for its stated analytical function (e.g., fetching marketplace data, processing it). There are no instructions for the agent to perform any harmful actions, exfiltrate data, establish persistence, or execute arbitrary code. The documentation discusses data exfiltration and compromise scenarios, but only in the context of what the *estimator* analyzes in *other* skills, not as actions performed by this skill itself. No prompt injection attempts or malicious indicators were found.

能力评估

✓ Purpose & Capability

The name and description (estimating blast radius from adoption/inheritance) align with the declared requirements: curl to fetch web/marketplace pages and python3 to analyze/visualize data. Requiring no credentials is reasonable for public data scanning; the skill does not ask for unrelated capabilities.

ℹ Instruction Scope

SKILL.md confines itself to taking an identifier/URL and producing an adoption/inheritance analysis. It does not instruct the agent to read local files, environment secrets, or other system state. However, it is vague about what external data sources or APIs will be used and how (e.g., scraping public pages vs. querying private marketplace APIs), which affects what the tool can actually deliver.

✓ Install Mechanism

No install spec and no code files — instruction-only. This is low-risk: nothing is downloaded or written to disk by the skill package itself.

✓ Credentials

The skill requests no environment variables or credentials. That is proportionate for analyses that rely on public data. If private marketplace metrics or account-scoped download counts are required, the SKILL.md does not declare those credentials, which would be needed later.

✓ Persistence & Privilege

always is false and the skill is user-invocable. disable-model-invocation is false (normal). There is no indication the skill requests persistent system privileges or config changes.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install blast-radius-estimator
安装完成后，直接呼叫该 Skill 的名称或使用 /blast-radius-estimator 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release — Estimate and visualize the potential blast radius of a compromised AI agent skill. - Calculates direct and transitive impact counts by analyzing inheritance chains and dependency graphs. - Measures adoption velocity to assess urgency. - Checks for version pinning among downstream adopters. - Projects worst-case scenarios and issues urgency ratings. - Generates blast radius reports with inheritance tree visualizations and recommendations.

元数据

Slug blast-radius-estimator

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题