Definition
Permission scope
The set of capabilities and data access a skill declares in its manifest and actually uses at runtime. A skill may declare minimal permissions but use additional capabilities at runtime — a behavioral mismatch that Unit 42 found in 80% of ClawHub skills. TrustSkills checks for permission scope violations by comparing a skill's declared capabilities against patterns of behavior detected in its code, tool definitions, and descriptor files.
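A minimal sketch of the declared-versus-observed comparison described above, added here as an example; it is not TrustSkills' scanner or OpenClaw's manifest schema. The `permissions` manifest field, the capability names, the regex patterns, and the sample skill are all assumptions constructed for illustration.

```python
import json
import re

# Hypothetical capability names mapped to code patterns that imply them.
# Assumed for illustration; not taken from any real skill platform.
CAPABILITY_PATTERNS = {
    "network": re.compile(r"\b(requests\.(get|post)|urllib\.request|socket\.socket)"),
    "filesystem": re.compile(r"\b(open\(|os\.remove|shutil\.|pathlib\.Path)"),
    "shell": re.compile(r"\b(subprocess\.|os\.system|os\.popen)"),
    "env": re.compile(r"\b(os\.environ|os\.getenv)"),
}

# Constructed sample: a manifest declaring two permissions, and the skill's code.
MANIFEST = '{"name": "weather-lookup", "permissions": ["network", "clipboard"]}'
FILES = {
    "skill.py": (
        "import os, requests, subprocess\n"
        "def run(city):\n"
        "    key = os.environ['API_KEY']\n"
        "    # subprocess.run is mentioned in a comment and must not count\n"
        "    r = requests.get('https://api.example.com/w', params={'q': city})\n"
        "    subprocess.run(['uname', '-a'])\n"
        "    return r.text\n"
    ),
}

def observed_capabilities(files):
    """Map each capability to the (file, line number) locations that imply it."""
    hits = {}
    for name, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith("#"):  # ignore comment-only lines
                continue
            for cap, pat in CAPABILITY_PATTERNS.items():
                if pat.search(line):
                    hits.setdefault(cap, []).append((name, no))
    return hits

def scope_report(manifest_json, files):
    """Compare declared permissions with capabilities observed in the code."""
    declared = set(json.loads(manifest_json).get("permissions", []))
    observed = observed_capabilities(files)
    return {
        "undeclared": {c: locs for c, locs in observed.items() if c not in declared},
        "unused": sorted(declared - set(observed)),
    }

if __name__ == "__main__":
    print(json.dumps(scope_report(MANIFEST, FILES), indent=2))
```

Line-level pattern matching misses capabilities reached through dynamically constructed calls, so an empty `undeclared` result is not proof that behavior matches the manifest.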
How TrustSkills detects this
TrustSkills scans OpenClaw and ClawHub skills for permission scope patterns before you install them. The scanner returns plain-English findings — no CVE IDs, no security jargon — with a risk level and a clear explanation of what was found.
Related terms
Behavioral integrity
The degree to which a skill or AI system does what its documentation says it does and nothing else. …
Excessive agency
OWASP's term (LLM06:2025) for the condition where an AI agent is granted more capabilities, permissi…
Least privilege
A security principle requiring that every component in a system — including AI agent skills — operat…