Back to skill

Security audit

Auto Updater

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it sets up daily automatic updates for Clawdbot and installed skills, which is sensitive but clearly disclosed.

Install only if you want unattended daily changes to Clawdbot and every installed skill. Prefer manual or dry-run updates if you need to review new code before it runs, and confirm you know how to remove the cron job before enabling it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The setup instruction uses a broad natural-language invocation to configure a privileged cron-based updater that can modify the Clawdbot installation and all installed skills. Because the trigger boundaries are not specific, an agent could more easily interpret related user text as consent to create a recurring task, leading to unintended persistent automated updates and execution of newly downloaded code.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description presents the updater as routine automation but does not clearly warn that it will automatically modify the Clawdbot runtime and replace installed skills with newer code from external sources. In context, this is more dangerous because the action is persistent, scheduled, and supply-chain sensitive: users may enable it without understanding that future executions can change trusted code without per-update approval.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The cron instructions automate package, skill, and migration updates on a schedule without requiring an explicit confirmation step or prominently warning the user that code and configuration may change automatically. This increases the risk of unexpected breakage, supply-chain compromise propagation, or unattended execution of newly introduced code from Clawdbot or installed skills.

Self-Modification

High
Category
Rogue Agent
Content
# Capture new version
CLAWDBOT_VERSION_AFTER=$(clawdbot --version 2>/dev/null || echo "unknown")

# Update skills
log "Updating skills via ClawdHub..."
SKILL_OUTPUT=$(clawdhub update --all 2>&1) || true
echo "$SKILL_OUTPUT" >> "$LOG_FILE"
Confidence
92% confidence
Finding
Update skill

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.