Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Xiaopi Auto Updater
v1.0.0
Automatically update Clawdbot and all installed skills once daily. Runs via cron, checks for updates, applies them, and messages the user with a summary of w...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Medium confidence
Purpose & Capability
The declared purpose (daily auto-update of Clawdbot and installed skills) matches the runtime instructions: add a cron job, run clawdbot update/doctor, and run clawdhub update --all. The required permissions (writing under ~/.clawdbot, running package managers, possibly elevated privileges for global npm/pnpm installs) are consistent with the task. However, the bundled metadata (_meta.json ownerId/slug) does not match the registry metadata, and the package has no homepage or source URL. This discrepancy is unexpected and worth verifying with the publisher.
Instruction Scope
SKILL.md and its references instruct the agent to examine the installation type (checking ~/.clawdbot and /opt), create a script at ~/.clawdbot/scripts/auto-update.sh, log to ~/.clawdbot/logs/, and run global package manager commands and clawdhub. All of these actions are within scope for an updater. The instructions do not reference unrelated system paths, external upload endpoints, or extra environment variables. Still, the script will execute arbitrary package updates (npm/pnpm/bun), which can change code and behavior, so reviewing the exact commands and the registries they pull from is important.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to install from remote URLs, which minimizes supply-chain risk from the skill bundle itself. The updater relies on existing system tools (clawdbot, clawdhub, npm/pnpm/bun) rather than downloading code from arbitrary URLs.
Credentials
The skill declares no required environment variables, credentials, or config paths. The runtime instructions use $HOME and check local paths (e.g., ~/.clawdbot), which is proportionate for an updater. There is no request for unrelated secrets or external tokens.
Persistence & Privilege
The skill recommends adding a cron job (persistence appropriate for periodic updates). It does not set always:true and does not demand permanent elevated privileges in its manifest. However, the cron job will run commands capable of performing system-wide updates (including global npm updates), so consider the privilege context (which user runs the cron job) and whether updates should be limited or reviewed.
What to check before installing
- Verify publisher & metadata: the skill bundle lacks a homepage/source, and the included _meta.json ownerId/slug differs from the registry metadata. Confirm you trust the account that published this skill.
- Review the script before enabling: the helper script (~/.clawdbot/scripts/auto-update.sh) is created and will run package manager and clawdhub commands. Open and read it to ensure it does nothing unexpected.
- Run a dry run first: use `clawdhub update --all --dry-run` and test the commands manually before enabling cron, so you can see what would change.
- Limit privilege & scope: run the cron under an isolated user/session (the skill already suggests --session isolated) and avoid running global package managers as root unless you understand the implications.
- Backup & logging: ensure backups exist and retain the update log (~/.clawdbot/logs/auto-update.log) so you can inspect changes and recover if an update introduces issues.
- Consider restricting updates to trusted skills: automatic updates can introduce new code; if you rely on sensitive skills, prefer manual review or whitelist-only updates.
Why I flagged this as suspicious rather than benign: the runtime behavior is coherent with the described purpose, but the missing source/homepage and inconsistent metadata raise provenance concerns, which should be resolved before you allow automatic updates to run.
latest: vk976vym64arfjwx3572n20f6rs83rbge
Runtime requirements
Clawdis
OS: macOS · Linux
