ClawHub

Self-Upgrade (Tianyi)

Security checks across malware telemetry and agentic risk

Overview

This maintenance skill is not malicious, but it can make durable OpenClaw configuration changes without a strong approval or rollback boundary.

Install only if you want an agent to help maintain OpenClaw itself. Use dry-run first, review every config change before applying it, protect backups because they may contain tokens, and do not rely on the advertised rollback command until it is actually implemented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The skill documents a rollback interface (`-RollbackTo`) as a safety guarantee, but the provided script only implements backup creation and never defines a rollback parameter or restoration logic. In a self-upgrade skill that can modify configuration and run automated repair commands, this mismatch creates a false sense of recoverability and can leave the system stuck in a broken or partially migrated state after an automated change.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger conditions are broad enough to invoke this skill on routine events such as first launch after upgrade, generic skill load failures, periodic maintenance, or detection of deprecated fields. Because this skill performs state-changing actions like config migration, backup creation, and `openclaw doctor --fix`, ambiguous invocation criteria can cause unintended automatic execution and configuration drift without sufficiently explicit user intent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal