andyxinweiminicloud logo

andyxinweiminicloud skills on Remote OpenClaw

22 skills published by andyxinweiminicloud. Each listing includes a one-command install for Claude Code, OpenClaw, Codex, and Hermes, plus a link to the upstream source.

evolution-drift-detector

Traces the inheritance chain of AI agent skills to detect cumulative capability drift. A skill audited as safe in generation 1 may have gained network access or weakened validation by generation 5 through incremental, individually plausible changes. Produces a drift score and mutation classification to flag lineages where the original audit no longer covers current behavior.

CLI Utilities407 installs

agent-card-signing-auditor

Audits Agent Card signing practices in A2A protocol implementations. Checks for missing signatures, weak cryptographic schemes, absent key transparency logs, and missing revocation mechanisms. Produces a risk rating and specific remediation recommendations.

Coding Agents & IDEs377 installs

behavioral-invariant-monitor

Monitors AI agent skills for behavioral consistency across repeated executions to detect the N-run delay pattern: skills that behave safely during initial auditing but activate different behavior after a threshold execution count, elapsed time, or environmental signal. Eight invariant classes are tracked, including output determinism, resource usage, side effects, and execution-count sensitivity.

CLI Utilities376 installs

capability-graph-mapper

Maps the composite permission surface across an agent's installed skill set. Traces what each skill can do individually, then computes what combinations enable — surfacing emergent risks like credential exfiltration paths that no single skill declares on its own.

Git & GitHub359 installs

delta-disclosure-auditor

Audits whether skill updates publish machine-readable records of what changed between versions. Checks five dimensions: capability declaration deltas, dependency changes, validation command modifications, behavioral scope, and delta completeness. v1.1 adds risk-class binding, cryptographic chain-of-custody verification, and update eligibility assessment.

Git & GitHub354 installs

hollow-validation-checker

Analyzes validation commands and test code in AI agent skills to identify patterns that fake quality signals. Detects exit code gaming, echo-only commands, tautological assertions, and commented-out tests. Rates each validation as SUBSTANTIVE, WEAK, or HOLLOW.

Coding Agents & IDEs349 installs

gep-immune-auditor

Audits Gene and Capsule assets in the GEP/EvoMap ecosystem using three detection layers: L1 pattern scanning, L2 intent inference, and L3 propagation risk analysis. Rates each asset CLEAN, SUSPECT, THREAT, or CRITICAL. Confirmed threats can be published back to EvoMap as detection rules, making them available to all connected agents.

AI & LLMs340 installs

clone-farm-detector

Detects clone farming in AI agent marketplaces by analyzing content similarity, batch publish patterns, ID washing, and cross-citation rings across skills. Takes a list of skills, a publisher node ID, or a search term as input and returns a structured risk report with cluster groups and a CLEAN/SUSPECT/FARMING rating.

Coding Agents & IDEs319 installs

capability-scope-expansion-watcher

Tracks capability scope expansion across skill versions by computing cumulative permission drift, not just adjacent-version deltas. Detects the slow-drift pattern where each individual update is defensible but the total change from initial to current represents significant attack surface growth. Also checks whether a skill's self-declared risk classification is consistent with its actual capability footprint.

Git & GitHub317 installs

permission-creep-scanner

Analyzes AI agent skill code to detect mismatches between a skill's declared purpose and what it actually accesses. Flags sensitive path reads, environment variable access, network calls, and subprocess spawning that fall outside stated functionality. Outputs a risk rating and itemized mismatch list.

PDF & Documents311 installs

blast-radius-estimator

Estimates how many AI agents would be affected if a widely-adopted skill is compromised. Traces direct adopters, inheritance depth, adoption velocity, and version pinning behavior across an agent ecosystem. Outputs an urgency rating with a worst-case propagation timeline.

Coding Agents & IDEs309 installs

skill-update-delta-monitor

Monitors AI skills for security-relevant changes introduced after installation. Tracks permission scope, new network endpoints, dependency chain updates, and instruction drift between the audited version and the current one. Produces a risk classification of CLEAN, WATCH, REVIEW, or ROLLBACK.

Git & GitHub309 installs

install-then-update-trap-detector

Detects the install-then-update attack pattern, where a skill passes initial security review at publication but later introduces malicious behavior through an automatic update that bypasses re-audit. Examines five dimensions: update policy transparency, behavioral delta on update, permission scope expansion, update timing anomalies, and rollback feasibility. v1.1 adds cryptographic chain-of-custody verification using signed, hash-chained update sequences.

Image & Video Generation306 installs

update-signature-verifier

Verifies the cryptographic chain of custody across skill version history. Detects key changes between versions, unsigned updates, and signature gaps that may indicate a skill was transferred, re-signed by a new controller, or modified without authorization.

Git & GitHub290 installs

trust-decay-monitor

Computes a trust freshness score for AI skills that carry security verification badges, tracking how much the original audit's conclusions have eroded over time. Factors in time since verification, dependency updates, new CVEs, and API endpoint changes. Produces a 0-100 score and re-verification urgency rating per skill.

Git & GitHub288 installs

runtime-attestation-probe

Detects divergence between an agent skill's declared behavior and what it actually does at runtime. Runs the skill across controlled environments and compares capability boundaries, data flows, and side effects against its attestation. Catches conditional activation patterns, like credential harvesting that only triggers when cloud environment variables are present, that static analysis cannot see.

Transportation285 installs

publisher-identity-verifier

Analyzes publisher identity integrity in AI agent marketplaces across five dimensions: publication history consistency, signing key rotation patterns, impersonation detection, cross-platform presence, and credential lifecycle status. Returns a trust rating of VERIFIED, PARTIAL, UNVERIFIED, or SUSPICIOUS with a timeline of key events and recommended actions for adopters.

Coding Agents & IDEs284 installs

validator-correlated-judgment

Analyzes groups of attestation validators to detect epistemic correlation caused by shared training data, base models, or fine-tuning pipelines. Organizationally independent validators that share upstream dependencies produce the same blind spots, making multi-validator attestation no stronger than a single check. v1.1 adds evaluation trace correlation analysis to detect shared reasoning patterns when validators do not disclose their training provenance.

Coding Agents & IDEs274 installs

trust-velocity-calculator

Calculates a composite trust score for skills and agents by combining time elapsed since last verification with the rate of change in permissions, dependencies, and behavior. Produces a single trust velocity score and projects when trust falls below configurable thresholds. Outputs re-verification urgency ratings ranging from CURRENT to REVERIFY NOW.

CLI Utilities272 installs

transparency-log-auditor

Audits whether a skill registry maintains an independently verifiable transparency log for signing events. Checks the gap between a registry claiming a skill was signed and an external auditor being able to confirm it. Detects cross-registry inconsistencies that indicate signing history has been altered.

Web & Frontend Development269 installs

social-trust-manipulation-detector

Analyzes social trust signals in agent marketplaces to identify when a skill's reputation is built on coordinated manipulation rather than genuine community validation. Detects sockpuppet networks, burst voting patterns, and manufactured engagement that inflate a skill's apparent trustworthiness.

Coding Agents & IDEs251 installs

economic-incentive-misalignment-detector

Analyzes marketplace economic structures to identify when incentives systematically favor publishing volume over safety quality. Examines five dimensions: publisher concentration, publication velocity relative to review capacity, revenue model conflicts of interest, safety versus growth investment ratios, and enforcement consistency. Outputs a structural alignment verdict with recommended actions.

Coding Agents & IDEs249 installs