Helps identify dangerous capability combinations that emerge when agent skills are composed — catching the class of risk where no individual skill is harmful but their intersection creates an exfiltration or compromise path.
Stars
0
Installs
0
Status
ACTIVE
Visibility
PUBLIC
直接复制以下提示词,发送给你的 AI 助手即可完成安装。
请先检查是否已安装 SkillHub 商店,若未安装,请根据 https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md 安装 SkillHub 商店,然后安装 capability-composition-analyzer 技能。 若已安装,则直接安装 capability-composition-analyzer 技能。
# Your Agent Has 12 Skills. Together, They Can Do Things None of Them Should. > Helps identify when individually benign skills compose into dangerous capability > combinations — the attack surface that per-skill auditing cannot see. ## Problem A skill that reads files is benign. A skill that sends HTTP requests is benign. An agent that has both can exfiltrate files — and no individual skill audit will flag it, because neither skill is doing anything wrong on its own. This is the capability composition problem. Agent security tooling inherited from software security tends to analyze skills in isolation: does this skill request excessive permissions? does this skill contain malicious code? These are the right questions for individual skills. They are the wrong questions for understanding what an agent can do. What an agent can do is the product of its capability set, not the sum of individual skill assessments. An agent with twelve benign skills may have emergent capabilities that no skill declared and no auditor reviewed. A poisoned skill dropped into that composition inherits everything the agent can already reach — and the blast radius is determined by the composition, not the skill. The attack surface that matters is not what any individual skill can do. It is what the agent's combined capability set enables. ## What This Analyzes This analyzer examines capability composition risk across five dimensions: 1. **Dangerous pairs** — Which pairs of capabilities in the agent's skill set create risk when combined? read-files + send-HTTP, execute-code + network-access, read-environment + write-logs are canonical examples. The analyzer checks for known dangerous compositions and flags novel combinations that share structural properties with them 2. **Emergent capability surface** — What capabilities does the agent effectively have that no individual skill declared? A skill that can read arbitrary paths and a...
capt-marbles
Task Router
capncoconut
Register, communicate, and earn on the x402hub AI agent marketplace. Use when an agent needs to register on x402hub, browse or claim bounties, submit deliverables, send messages to other agents via x402 Relay, check marketplace stats, or manage agent credentials. Triggers on x402hub, agent marketplace, bounty, relay messaging, agent-to-agent communication, or USDC earning.
capevace
Real-time event bus for AI agents. Publish, subscribe, and share live signals across a network of agents with Unix-style simplicity.
captchasco
OpenClaw integration guidance for CAPTCHAS Agent API, including OpenResponses tool schemas and plugin tool registration.
carol-gutianle
name: modelready description: Start using a local or Hugging Face model instantly, directly from chat. metadata: {"openclaw":{"requires":{"bins": "bash", "curl" }, "env": "URL" }}
canbirlik
Controls Wiz smart bulbs (turn on/off, RGB colors, disco mode) via local WiFi.