v1.0.0

Auto Updater Gateway

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:13 AM.

Analysis

This skill is transparent about being an auto-updater, but it creates a persistent daily job that can update every installed ClawHub skill and send reports externally without per-update review.

Guidance: Install only if you intentionally want unattended daily updates for all ClawHub skills. Prefer testing manually first, limiting what can update, keeping a rollback plan, and sending reports only to a trusted private channel.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: High. Confidence: High. Status: Concern.
SKILL.md
`npx clawhub update --all` ... `Update all installed ClawHub skills`

The documented workflow bulk-updates every installed skill, which changes the agent's supply chain without an allowlist, version pinning, or review step described in the artifacts.

User impact: A bad, compromised, or incompatible skill update could be installed automatically and affect future agent behavior.
Recommendation: Use manual review or an allowlist where possible, keep a rollback plan, and avoid unattended `update --all` unless you accept automatic changes to all installed skills.
Rogue Agents
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
openclaw cron add ... --cron "0 4 * * *" ... --wake now

The setup creates a persistent scheduled job that wakes and runs daily, so the updater continues operating after the initial setup.

User impact: The job can keep modifying the installed skill set every day even when the user is not actively supervising it.
Recommendation: Confirm you want persistent automation, test manually first, monitor reports, and know how to disable or remove the cron job.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
Logged into ClawHub: `npx clawhub login` ... Verify token is valid: `npx clawhub whoami`

The cron workflow relies on the user's local authenticated ClawHub CLI session to perform updates.

User impact: The scheduled job acts with the user's ClawHub login and can use that authority to modify installed skills.
Recommendation: Use the least-privileged appropriate account or profile, and revoke or rotate the CLI login if you stop using the updater.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low. Confidence: High. Status: Note.
SKILL.md
--deliver --channel feishu --to "ou_xxxxxxxxxxxx" ... Deliver to configured channel (Feishu/Telegram)

The skill sends update reports to an external messaging channel, including version comparison details.

User impact: The recipient channel may learn which skills and versions are installed in the user's environment.
Recommendation: Send reports only to trusted private recipients and avoid including more environment detail than needed.