OpenClaw Auto‑Updater (Safe + Scheduled + Summary)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed auto-updater, but its default workflow can repeatedly change OpenClaw and all installed skills without per-update review.

Install or use this only if you are comfortable allowing scheduled updates to modify OpenClaw and installed skills automatically. Prefer starting with the dry-run or core-only examples, review the update scope and cadence, monitor the local logs, and know how to edit or remove the cron job before enabling unattended updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill provides ready-to-use cron commands that perform unattended live updates (`openclaw update --yes` and `clawdhub update --all`) but does not prominently warn that these actions will change the running system without per-run approval. In a scheduling skill, this omission materially increases the chance of operators enabling automatic changes they did not fully anticipate, which can lead to unexpected breakage, restarts, or deployment of unreviewed skill updates.

Missing User Warnings

Medium
Confidence: 84%
Finding
The guide instructs the agent to perform package upgrades and register a recurring cron job that will continue making system changes automatically, but it does not require explicit user acknowledgement of the risks. In security-sensitive environments, unattended updates can introduce breaking changes, unexpected privilege use, or supply-chain exposure without informed consent.

Missing User Warnings

Low
Confidence: 79%
Finding
The script logs full output from update commands and stores it under the user's home directory, which may capture package names, paths, errors, environment details, or other operationally sensitive information. While not a direct code-execution issue, this increases information exposure if logs are later shared, misconfigured, or readable by other local users.

VirusTotal

48/48 vendors flagged this skill as clean.
