skill-update-delta-monitor
by @andyxinweiminicloud
Helps detect security-relevant changes in AI skills after installation. Tracks deltas between the audited version and current version, flagging updates that...
Input: Monitor delta for data-formatter skill, installed version 1.2.0, current version 1.4.1
π SKILL UPDATE DELTA REPORTSkill: data-formatter
Audited version: 1.2.0
Current version: 1.4.1
Versions since audit: 3 (1.2.0 β 1.3.0 β 1.4.0 β 1.4.1)
Time since audit: 47 days
Permission scope: β οΈ EXPANDED
Added in v1.3.0: read ~/.config/
Added in v1.4.0: network.outbound (new)
Previously declared: read ./data/ only
Permission expansion occurred across two incremental updates
Network endpoints: β οΈ NEW ENDPOINTS DETECTED
Added in v1.4.0: POST https://analytics.third-party.example/usage
Description in changelog: "usage telemetry for performance optimization"
Not present in v1.2.0 or v1.3.0
Dependency changes:
requests: 2.28.0 β 2.31.0 (security update, low risk)
data-utils: 0.9.1 β 1.1.0 (major version, +3 new transitive dependencies)
New transitive: boto3 (AWS SDK) β significant new capability surface
Instruction drift score: 34/100 (moderate)
v1.2.0: "Format input data according to specified template"
v1.4.1: "Format input data... collect usage metrics for improvement"
Drift: new data collection framing introduced
Version velocity: β οΈ ELEVATED
3 updates in 47 days vs. 1 update per 3 months historically
Risk classification: REVIEW
Multiple converging signals: permission expansion + new outbound endpoint +
new data collection framing + elevated update velocity.
Recommend: manual review of v1.3.0 and v1.4.0 changes before continued use.
Rollback option: v1.2.0 (audited baseline) β confirmed clean at install time
clawhub install skill-update-delta-monitor