Helps map the composite permission surface across AI agent skill dependency chains. Traces what each skill can do individually, then computes what they can do together — revealing emergent capabilities nobody explicitly approved.
# Your Agent Has 12 Skills — Do You Know What They Can Do Together?
> Helps map composite permission surfaces across skill dependency chains, revealing emergent capabilities that no single skill declares.
## Problem
Individual skill permissions look reasonable in isolation. A file-reader skill reads files. An HTTP client skill sends requests. A JSON parser skill transforms data. Each one passes a security review on its own.
But install all three in the same agent, and you've built a data exfiltration pipeline — read sensitive files, parse out credentials, send them to an external endpoint. Nobody approved that combination. Nobody even noticed it exists.
In traditional software, tools like `npm audit` map dependency trees and flag known vulnerabilities. In agent ecosystems, the risk isn't in individual dependencies — it's in the **composite capability surface** that emerges when skills combine. There is no `npm audit` for emergent agent capabilities.
## What This Maps
This mapper traces the permission graph across an agent's installed skills:
1. **Permission enumeration** — For each skill, extract declared capabilities: file access, network requests, shell execution, environment variable reads, credential access
2. **Pairwise composition** — For every pair of skills, check if their combined capabilities create a new emergent capability (e.g., read + send = exfiltrate)
3. **Transitive chains** — Trace three-hop and deeper composition paths where skill A feeds skill B feeds skill C, creating capabilities invisible at any single hop
4. **Privilege surface score** — Compute a single metric: how many distinct dangerous capability combinations exist in this agent's skill set?
5. **Delta analysis** — When a new skill is added, show what new composite capabilities it introduces to the existing set
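
A minimal sketch of steps 1 to 5 above, added here as an illustration and not the mapper's own code. The rule table, capability names, skill manifests and function names are all constructed assumptions, and a chain is modeled as an unordered set of skills whose combined capabilities satisfy a rule, not as a traced data flow.

```python
from itertools import combinations

# Constructed rule table (assumption): emergent capability -> primitive capabilities it needs.
RULES = {
    "exfiltrate_files": {"file_read", "net_send"},
    "leak_env_secrets": {"env_read", "net_send"},
    "download_and_execute": {"net_fetch", "shell_exec"},
    "credential_pipeline": {"file_read", "parse", "net_send"},
}

# Constructed manifests (assumption): skill name -> declared capabilities.
SKILLS = {
    "file-reader": {"file_read"},
    "http-client": {"net_send", "net_fetch"},
    "json-parser": {"parse"},
}

def caps(skills, names):
    """Union of the declared capabilities of the named skills."""
    return set().union(*(skills[n] for n in names))

def emergent(skills, max_hops=3):
    """Minimal skill sets (2..max_hops members) that jointly satisfy a rule;
    dropping any member must break it, so single-skill capabilities are skipped."""
    found = set()
    for size in range(2, max_hops + 1):
        for combo in combinations(sorted(skills), size):
            for rule, needed in RULES.items():
                if not needed <= caps(skills, combo):
                    continue
                rest = (tuple(n for n in combo if n != drop) for drop in combo)
                if all(not needed <= caps(skills, r) for r in rest):
                    found.add((rule, combo))
    return found

def surface_score(skills):
    """Privilege surface score: number of distinct dangerous combinations."""
    return len(emergent(skills))

def delta(skills, name, declared):
    """Composite capabilities that installing one more skill would introduce."""
    return emergent({**skills, name: set(declared)}) - emergent(skills)

if __name__ == "__main__":
    for rule, combo in sorted(emergent(SKILLS)):
        print(f"{rule}: {' + '.join(combo)}")
    print("score:", surface_score(SKILLS))
    print("delta:", sorted(delta(SKILLS, "shell-runner", {"shell_exec", "env_read"})))
```

The three-skill finding only appears at `max_hops=3`; a pairwise-only review of the same manifests reports one combination instead of two.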
## How to Use
**Input**: Provide one of:
- A list of skill names/slugs installed in an agent
- A skill manifest or configuration file
- A singl...