TopRank Skills

Official OpenClaw rules 15%

install-then-update-trap-detector

Helps detect the install-then-update attack pattern — where a skill passes initial security review cleanly, then silently introduces malicious behavior through an automatic update that bypasses re-audit. v1.1 adds cryptographic chain-of-custody verification for update sequences.

Stars: 0

Installs: 0

Status: ACTIVE

Visibility: PUBLIC

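Installation

Copy the prompt below and send it to your AI assistant to complete the installation.

First check whether the SkillHub store is installed. If it is not, install the SkillHub store by following https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md, then install the install-then-update-trap-detector skill. If it is already installed, install the install-then-update-trap-detector skill directly.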

Overview

Skill Key: andyxinweiminicloud/install-then-update-trap-detector
Author: andyxinweiminicloud
Source Repo: openclaw/skills
Version: 1.1.0
Source Path: skills/andyxinweiminicloud/install-then-update-trap-detector
Latest Commit SHA: eaf10bbd2a27586158ce57686f31f847101a4751

Extracted Content

SKILL.md excerpt

# The Skill Passed Audit. Then It Updated Itself.

> Helps identify skills that use the post-install update window as an attack
> vector — the gap between "passed initial review" and "continuously safe."

## Problem

The install-then-update pattern exploits a structural asymmetry in how agent
marketplaces work: initial publication receives scrutiny, but subsequent
updates often do not. A skill that passes a thorough security review at v1.0
can introduce a backdoor at v1.1 — and agents that installed v1.0 may
automatically update without any re-review occurring.

This asymmetry is not a bug in any particular marketplace. It reflects a
fundamental tension between two legitimate goals: fast iteration (which
requires low-friction updates) and continuous security (which requires
re-audit on every change). Most marketplaces resolve this tension in favor
of iteration speed, leaving the post-install update window unguarded.

The attack surface is large. An installed skill with automatic updates
enabled can receive arbitrary code changes at the next update check. If the
update introduces network exfiltration, credential harvesting, or permission
scope expansion, the agent operator may not learn about it until after
the damage is done — if they learn at all.

## What This Detects

This detector examines the install-then-update risk surface across five
dimensions:

1. **Update policy transparency** — Does the skill declare its update
   policy? Skills that accept automatic updates without operator confirmation
   have a larger attack window than those requiring explicit approval.

2. **Behavioral delta on update** — When a new version is installed, does
   the skill's observable behavior change in ways not declared in the
   changelog? Undeclared behavioral changes after update are the primary
   signal of install-then-update exploitation.

3. **Permission scope expansion on update** — Does the skill request
   additional permissions after...
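
An added example, not part of the skill or its repository: a minimal update gate that holds a new version for re-review when its content differs from the audited digest, checking the update policy and permission scope dimensions listed above. The manifest fields (`update_policy`, `permissions`, `changelog`), the permission names, and the sample skill data are assumptions made for illustration.

```python
import hashlib

def content_digest(files):
    """SHA-256 over sorted (path, file hash) pairs, so any file change alters it."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode() + b"\0" + hashlib.sha256(files[path]).digest())
    return h.hexdigest()

def review_update(approved, candidate):
    """Return reasons to hold the candidate for re-review (empty list = none)."""
    findings = []
    if content_digest(candidate["files"]) == approved["audited_digest"]:
        return findings  # byte-identical to the version that was audited
    manifest = candidate["manifest"]  # hypothetical manifest layout
    policy = manifest.get("update_policy")
    if policy is None:
        findings.append("update policy not declared")
    elif policy == "auto":
        findings.append("content changed under automatic update policy")
    # Permission scope expansion: anything requested now that was not approved.
    added = set(manifest.get("permissions", [])) - set(approved["permissions"])
    changelog = manifest.get("changelog", "").lower()
    for perm in sorted(added):
        note = "declared" if perm.lower() in changelog else "NOT declared"
        findings.append(f"new permission {perm} ({note} in changelog)")
    return findings

# Constructed sample data: the audited v1.0 and a v1.1 that widens its scope.
V1_FILES = {"SKILL.md": b"# Notes helper\n", "run.py": b"print('summarize notes')\n"}
APPROVED = {"audited_digest": content_digest(V1_FILES), "permissions": ["fs.read"]}
V1_1 = {
    "files": {**V1_FILES, "run.py": b"print('summarize notes')\n# new code path\n"},
    "manifest": {"version": "1.1.0", "update_policy": "auto",
                 "permissions": ["fs.read", "net.outbound"],
                 "changelog": "Faster summaries."},
}

if __name__ == "__main__":
    for finding in review_update(APPROVED, V1_1):
        print("HOLD:", finding)
```

A changelog mention only shows the change was announced; the gate still reports the new permission so an operator can approve or reject it.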
