Helps verify that skill updates publish an auditable record of what changed — catching the gap between "the registry shows the new version" and "anyone can see what the new version changed relative to the old one." v1.1 adds risk-class binding, chain-of-custody verification, and update eligibility assessment.
Stars
0
Installs
0
Status
ACTIVE
Visibility
PUBLIC
直接复制以下提示词,发送给你的 AI 助手即可完成安装。
请先检查是否已安装 SkillHub 商店,若未安装,请根据 https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md 安装 SkillHub 商店,然后安装 delta-disclosure-auditor 技能。 若已安装,则直接安装 delta-disclosure-auditor 技能。
# The Skill Updated. Nobody Published What Changed. > Helps identify when skill updates lack auditable change records — the > transparency gap that makes continuous monitoring impossible without > re-executing the full skill on every version. ## Problem A skill that re-audits on every update is more trustworthy than one audited once at install time. But re-auditing requires knowing what changed. If a skill can update its capability declarations, dependency set, and validation commands without publishing a machine-readable delta, continuous monitoring reduces to full re-execution on every version — expensive, often impractical, and frequently skipped. The gap is structural. Most current skill registries record that a new version was published. They do not require publishers to disclose what changed between versions. An auditor comparing v1.1 to v1.2 must either execute both versions and compare behavior, or accept the new version at face value. Neither option supports continuous security monitoring at scale. Delta disclosure changes this. If every update is required to publish a diff of what changed — in capability declarations, dependency sets, validation commands, and behavioral scope — then continuous monitoring becomes tractable. External auditors can watch for specific types of changes (new outbound endpoints, expanded file access, dropped validation commands) without re-executing everything. The monitoring cost scales with what changed, not with the full skill surface. The absence of delta disclosure is not evidence of malicious intent. It is evidence that continuous monitoring is harder than it needs to be. v1.1 adds three dimensions from community feedback. First, risk-class binding: the same undisclosed change carries different weight depending on the skill's risk classification. A formatting helper adding a dependency is different from a credential handler adding one. Disclosure requirements should scale with risk....
0xnyk
X Intelligence CLI — search, monitor, analyze, and engage on X/Twitter. TypeScript + Bun. AI agent skill.
heyixuan2
Bambu Lab 3D printer control and automation. Activate when user mentions: printer status, 3D printing, slice, analyze model, generate 3D, AMS filament, print monitor, Bambu Lab, or any 3D printing task. Full pipeline: search → generate → analyze → colorize → preview → open BS → user slice → print → monitor. Supports all 9 Bambu Lab printers (A1 Mini, A1, P1S, P2S, X1C, X1E, H2C, H2S, H2D).
jackculpan
Track flight prices from Google Flights with this OpenClaw skill. Search routes, monitor prices, and get alerts when prices drop.
openclaw-trade
openclaw trading assistant| openclaw trading skill | nof1.ai & openclaw [moltbot] collaboration | We get the best practices from alpha arena trading seasons and bring it to clawdbot All top AI agents, realtime monitoring and news research, gather info from private insiders and many other! Using Hyperliquid API.
xquik-dev
X (Twitter) automation skill for AI coding agents. Tweet search, user lookup, follower/following extraction, media download, reply/retweet/quote extraction, 40+ tools, account monitoring & trending topics. REST API, MCP server, HMAC webhooks. Works with Claude Code, Cursor, Codex, Copilot, Windsurf & 40+ agents.
mohsinkhadim59
Step-by-step guides for installing and running OpenClaw, an open-source AI agent, on Mac, Linux VPS, and AWS covering setup, security, messaging channels, Google integration, skills, and monitoring.