capability-scope-expansion-watcherHelps detect incremental capability scope expansion across skill versions — the pattern where a skill gradually claims broader permissions through small, ind...
Install via ClawdBot CLI:
clawdbot install andyxinweiminicloud/capability-scope-expansion-watcherGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Generated Mar 21, 2026
A financial institution uses the skill to monitor third-party reporting tools that start with basic data aggregation but gradually expand to access sensitive transaction logs and customer PII. The watcher detects incremental permission drift across updates, flagging when the tool's effective scope exceeds its declared compliance purpose.
A hospital employs the skill to track medical data processing applications that initially claim limited access to anonymized records but slowly expand to include patient identifiers and network permissions for data sharing. The watcher identifies capability composition amplification, alerting to potential HIPAA violations.
An online retailer uses the skill to oversee analytics plugins that begin with read-only access to sales data but incrementally gain permissions to modify product listings and access user payment details. The watcher analyzes step-size anomalies to uncover planned incremental strategies.
A smart home provider applies the skill to monitor firmware updates for IoT devices that start with basic configuration reads but expand over versions to control critical systems like security cameras. The watcher assesses behavioral scope vs. declared scope alignment to prevent unauthorized control.
A government agency utilizes the skill to audit document management tools that evolve from simple file viewing to accessing classified networks and making outbound requests. The watcher performs risk-class contradiction detection to ensure tools match their declared low-risk classifications.
Offer the skill as a cloud-based service where organizations pay a monthly fee per monitored skill or agent. Revenue comes from tiered plans based on the number of skills analyzed and depth of historical version tracking.
Sell annual licenses to large enterprises for on-premises deployment, integrating with existing security tools. Revenue is generated through upfront licensing costs and optional support contracts for customization.
Provide a free version for basic scope monitoring of up to 10 skills, with paid upgrades for advanced features like real-time alerts and detailed historical analysis. Revenue comes from conversions to premium tiers.
💬 Integration Tip
Integrate the skill into CI/CD pipelines to automatically scan skill updates before deployment, using its output to trigger security reviews for flagged expansions.
Scored Jun 19, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Analyze and classify agent skills for safety using local evaluation. Optionally produce a signed attestation of the vetting result.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Helps verify that skill updates publish an auditable record of what changed — catching the gap between "the registry shows the new version" and "anyone can s...
Project health and best practices enforcer. Checks security, quality, documentation, CI/CD, and dependencies. Produces a letter grade (A-F) with actionable f...