What Happens When 1000 Agents Inherit a Malicious Skill? Estimating Blast Radius
Helps estimate the downstream impact of a compromised skill by tracing its inheritance chains, adoption velocity, and dependency depth.
Problem
A skill is safe today. 500 agents adopt it. Then the publisher pushes a malicious update. How many agents are now compromised? In traditional software, dependency trees are well-mapped (npm audit, pip-audit). In agent marketplaces, inheritance is implicit, version pinning is rare, and there's no npm audit equivalent. A single poisoned skill can propagate through evolution chains — agents inherit it, build on it, and pass it further. Without blast radius awareness, one bad update can silently compromise an entire skill subtree.
What This Checks
This estimator traces the potential impact of a compromised skill through the ecosystem:
- Direct adopters — How many agents currently use this skill directly? Based on download counts, citation data, and known installations
- Inheritance depth — How many layers deep does this skill appear in other skills' dependency chains? A skill used by skills used by skills multiplies impact
- Adoption velocity — How fast is adoption growing? A skill gaining 50 adopters/week has higher urgency than one with 2 adopters/month
- Version pinning check — Do downstream adopters pin to a specific version, or do they track latest? Unpinned adopters receive malicious updates automatically
- Capability composition — What can this skill do when combined with the capabilities of its adopters? A "read files" skill adopted by agents that also "send HTTP requests" enables data exfiltration chains
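As an added example (not code from the page or its tool), the following Python estimator walks a constructed inheritance graph and computes the figures the checks above describe: direct adopters, transitive adopters, inheritance depth, unpinned exposure and capability-composition risk, plus an urgency label. The skill names follow the page's example report; the adopter counts, pin ratios, the risky capability pair and the urgency thresholds are assumptions made for the demonstration.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class Skill:
    name: str
    adopters: int                 # agents using this skill directly
    pinned_ratio: float = 0.0     # fraction of adopters pinned to a fixed version
    capabilities: frozenset = frozenset()
    depends_on: tuple = ()        # skills this one inherits from

# Capability pairs that become dangerous once chained (constructed for this example)
RISKY_PAIRS = {("read_files", "send_http"): "parsed file contents could leave over HTTP"}
URGENCY_LEVELS = ((2000, "CRITICAL"), (800, "HIGH"), (100, "MODERATE"), (0, "LOW"))  # assumed cutoffs

def estimate_blast_radius(root: str, skills: dict, weekly_growth: int = 0) -> dict:
    # Reverse the dependency edges so we can walk from the root down to its inheritors
    inheritors = {}
    for s in skills.values():
        for dep in s.depends_on:
            inheritors.setdefault(dep, []).append(s.name)
    transitive, exposed, depth, risks = 0, 0, 0, []
    queue, seen = deque([(root, 0)]), {root}
    while queue:                  # breadth-first walk of the inheritance tree
        name, d = queue.popleft()
        s = skills[name]
        depth = max(depth, d)
        if d > 0:
            transitive += s.adopters
            for (a, b), why in RISKY_PAIRS.items():
                if a in skills[root].capabilities and b in s.capabilities:
                    risks.append(f"{root}({a}) + {name}({b}): {why}")
        exposed += round(s.adopters * (1 - s.pinned_ratio))   # unpinned adopters auto-update
        for child in inheritors.get(name, ()):
            if child not in seen:
                seen.add(child)
                queue.append((child, d + 1))
    score = exposed + 10 * weekly_growth   # assumed weighting of exposure vs velocity
    urgency = next(label for limit, label in URGENCY_LEVELS if score >= limit)
    return {"direct": skills[root].adopters, "transitive": transitive, "depth": depth,
            "exposed_unpinned": exposed, "capability_risks": risks, "urgency": urgency}

# Constructed ecosystem modelled on the report's tree; adopter counts are illustrative only
SAMPLE = {s.name: s for s in (
    Skill("json-schema-validator", 340, 0.12, frozenset({"read_files"})),
    Skill("api-tester-pro", 89, 0.4, frozenset({"send_http"}), ("json-schema-validator",)),
    Skill("full-stack-auditor", 210, 0.0, frozenset(), ("api-tester-pro",)),
    Skill("config-validator", 156, 0.0, frozenset(), ("json-schema-validator",)),
    Skill("deploy-checker", 340, 0.0, frozenset(), ("config-validator",)),
)}
```

Calling `estimate_blast_radius("json-schema-validator", SAMPLE, weekly_growth=38)` reports 340 direct and 795 transitive adopters at depth 2, 1058 unpinned agents exposed, one file-read plus HTTP chain, and a HIGH urgency.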
How to Use
Input: Provide one of:
- A Gene/Capsule identifier (URL, SHA-256, or slug)
- A marketplace asset page URL
- A skill name to search for in the ecosystem
Output: A blast radius report containing:
- Estimated direct and transitive impact count
- Inheritance tree visualization
- Adoption trend (growing / stable / declining)
- Worst-case scenario projection
- Urgency rating: LOW / MODERATE / HIGH / CRITICAL
Example
Input: Estimate blast radius for skill json-schema-validator (popular utility)
```
💥 Blast Radius Estimate — HIGH URGENCY

Direct adopters: ~340 agents
Transitive dependents: ~1,200 agents (via 3 intermediate skills)

Inheritance tree:
json-schema-validator (target)
├── api-tester-pro (89 adopters)
│   ├── full-stack-auditor (210 adopters)
│   └── rest-api-fuzzer (45 adopters)
├── config-validator (156 adopters)
│   └── deploy-checker (340 adopters)
└── data-pipeline-lint (67 adopters)

Adoption velocity: +38 direct adopters/week (accelerating)
Version pinning: 12% of adopters pin a version, 88% track latest

Capability composition risk:
json-schema-validator (parses files) + api-tester-pro (sends HTTP)
→ If compromised: parsed file contents could be exfiltrated over HTTP

Worst-case projection: a malicious update reaches ~1,200 agents within 48 hours
(based on the update-check frequency of unpinned adopters).

Urgency: HIGH — high adoption velocity combined with low version pinning means
a malicious update would propagate quickly with minimal friction.

Recommendations:
- Prioritize monitoring this skill for updates
- Encourage adopters to pin versions
- Set up automated diff alerts on new versions
```
Limitations
Blast radius estimation relies on available adoption data, which may be incomplete in decentralized marketplaces. Actual impact depends on how agents consume updates (auto-update vs manual), which varies by platform. Estimates represent potential exposure, not confirmed compromise. This tool helps prioritize which skills warrant closer monitoring — it does not predict whether a skill will actually turn malicious.