Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

auto-updater-skill

v1.2.0

Automatically scans and silently updates OpenClaw Agent/Skill on Windows, macOS, and Linux, supporting offline upgrades and startup auto-checks.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
!
Purpose & Capability
The skill is presented as an 'official' OpenClaw auto-updater that only touches the OpenClaw install directory, but the instructions expect system-wide changes (daemon/service creation, install to Program Files or /var/log), require admin/root, and instruct users to run platform installers and remote scripts. The registry metadata lists no homepage or authoritative source, the contact email uses a suspicious domain (openclaw-fake.com), and the install commands point to a third-party GitHub repo (raw.githubusercontent.com/aahuaXu/...) — these are inconsistent with the 'official' claim.
!
Instruction Scope
SKILL.md tells users to download and execute binaries and scripts (AutoUpdater-v1.2.0-Win.exe, an offline zip, and a curl | bash install command that fetches a raw GitHub script). It instructs creation of a persistent daemon/autostart and writing logs to system locations (/var/log, C:\ProgramData). These runtime instructions go well beyond a harmless helper: they fetch and run remote code with elevated privileges and perform system-wide changes despite the skill declaring no required config paths or credentials.
!
Install Mechanism
No formal install spec exists in the registry, but SKILL.md directs users to run remote installers and a curl-to-bash script hosted on a user GitHub repo. Fetching and executing an arbitrary remote install.sh (via raw.githubusercontent.com) is a high-risk pattern because the code executed is unreviewed and could change. The Windows installer and offline zip have no authoritative download host or checksums in the document.
!
Credentials
The skill declares no required environment variables or config paths, yet lists dependencies including python-dotenv (implying environment/config file usage) and requires admin/root privileges. The SKILL.md claims the tool only reads the OpenClaw install directory and basic system info, but the installation and runtime behaviors (system service, log directories, network downloads) justify elevated privileges and access to system locations — the declared requirements are inconsistent with the actual scope.
Persistence & Privilege
The skill intends to install a persistent system service/daemon and enable startup auto-checks, which is expected for an updater. However, because installation is performed via unverified remote scripts and binary downloads and runs as admin/root, that persistence elevates the risk: a persistent component installed from an untrusted source can have a long-lived attack surface.
What to consider before installing
Do not run the installer commands or the curl|bash one-liner from SKILL.md. This skill claims to be 'official' but provides no official homepage or signed release and points to a third-party GitHub repo and a fake-looking contact email. If you need an auto-updater for OpenClaw, ask for: (1) an official homepage or vendor page; (2) a verifiable repository/maintainer and signed releases or checksums; (3) the exact install artifacts and their cryptographic hashes; (4) the installer script contents for manual review before execution. If you must test, do so in an isolated VM and avoid running installers as admin on production systems. Prefer repository source code and release artifacts served from an official domain or verified GitHub organization, not a raw user URL. If you installed anything already, audit created services, recently created files in Program Files / ProgramData / /var/log, and outgoing network activity.

Like a lobster shell, security has layers — review code before you run it.
