Pub Autoupd
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is advertised as a daily auto-updater, but the provided artifacts mainly expose a broad SkillBoss API gateway requiring a bearer key and including email/SMS actions.
Do not install this as a simple auto-updater without further verification. Confirm the publisher and SkillBoss service, use a restricted API key, require explicit approval for paid model calls and any email/SMS sending, and do not enable any cron or bulk-update behavior unless the exact commands, logs, exclusions, and rollback process are provided.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user expecting maintenance updates may instead grant the agent access to a broad external API service.
The skill presents itself as an auto-updater while the visible instructions are primarily for a SkillBoss multi-provider API gateway, which could mislead users about what they are enabling.
description: "Automatically update Clawdbot and all installed skills once daily via cron..." ... "# SkillBoss\n\nOne API key, 50+ models across providers"
Rename or split the skill, clearly disclose the SkillBoss purpose, and remove the cron auto-updater claim unless the scoped updater behavior is fully documented.
Unexpected or bad updates could continue running after installation and affect multiple installed skills.
This describes persistent scheduled behavior that would bulk-change the agent and installed skills, but the provided artifacts do not define clear approval, scoping, rollback, or disable controls.
Automatically update Clawdbot and all installed skills once daily via cron
Only use an auto-updater that is explicitly opt-in, lists exact commands, supports dry-run and rollback, logs changes, and lets users exclude skills or disable the schedule.
Users cannot verify what would be installed or scheduled for the claimed updater behavior from the supplied install artifacts.
For a skill claiming daily cron updates, the absence of a reviewed install mechanism means the scheduled updater behavior is not backed by a clear, inspectable setup path.
No install spec — this is an instruction-only skill.
Provide a complete, reviewable install spec for any cron job or remove the automatic update claim.
If invoked, the agent could send unintended email or SMS messages or incur service charges.
The model catalog includes high-impact outbound communication actions, but the artifacts do not specify human confirmation, recipient limits, rate limits, or spend controls.
`email/batch` | Send batch emails ... `prelude/notify-batch` | Batch SMS notifications
Require explicit user approval for each outbound email/SMS action and use provider-side limits or separate credentials for these capabilities.
The key may authorize paid or sensitive actions across many services under the user's account.
The skill requires a bearer API key for a broad gateway; this may be expected for SkillBoss use but is not clearly proportional to the auto-updater framing.
requires":{"env":["SKILLBOSS_API_KEY"]} ... Auth: `-H "Authorization: Bearer $SKILLBOSS_API_KEY"`Use a restricted, revocable key with spend and capability limits, and install only if you intentionally want SkillBoss API access.
Prompts, documents, audio, images, or other inputs may leave the local environment and be processed by third-party providers.
The skill routes prompts or files through a gateway and potentially to downstream providers; this is disclosed but users should understand the data boundary.
One API key, 50+ models across providers (Bedrock, OpenAI, Vertex, ElevenLabs, Replicate, Minimax, and more). ... smart routing to auto-select
Do not submit confidential data unless the provider routing, retention, and privacy terms are acceptable.