Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Self Updater
v1.4.2
⭐ OPEN SOURCE! GitHub: github.com/GhostDragon124/openclaw-self-updater ⭐ ONLY skill with Cron-aware + Idle detection! Auto-updates OpenClaw core & skills, an...
⭐ 1· 281·0 current·0 all-time
by James F (@ghostdragon124)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (cron-aware, idle detection, updating core and skills) is plausible and aligns with reading ~/.openclaw/cron/jobs.json and ~/.openclaw/openclaw.json. However the registry metadata says 'no required binaries' while SKILL.md lists pwsh, npm, and clawhub — that mismatch is unexplained. The SKILL.md also says Windows is required for idle detection, but the registry imposes no OS restriction. These inconsistencies reduce confidence that requirements are accurate and minimal.
Instruction Scope
SKILL.md instructs running a PowerShell script (scripts/self-updater.ps1) and reading ~/.openclaw/cron/jobs.json and ~/.openclaw/openclaw.json. Reading cron/job files is reasonable for 'cron-aware' behavior, but cron entries often contain arbitrary commands and sensitive data — so reading them is potentially sensitive even if needed. The runtime instructions refer to a script path that is not included in the package; it's unclear whether the agent will fetch and execute remote code. Any updater that restarts the gateway or runs arbitrary install commands should be inspected before execution.
Install Mechanism
There is no install spec and no code files in the registry copy (instruction-only), so nothing will be written to disk by the registry package itself. That minimizes immediate install-time risk. The Quick Start expects executing a local PowerShell script, but that script is absent from the included files — meaning the user/agent would need to obtain it from the referenced GitHub/ClawHub, which is an additional step outside this package.
Credentials
Optional environment variables for notifications (TELEGRAM_BOT_TOKEN, FEISHU_APP_ID, FEISHU_APP_SECRET) are reasonable for a notifier. However, SKILL.md's assertion that it 'only reads gateway.port' conflicts with its own instruction to read cron jobs (which may contain commands/credentials). Also, npm is listed as required without clear justification beyond possible dependency management; that could be unnecessary depending on implementation.
Persistence & Privilege
The skill does not declare always:true and is user-invocable. It allows autonomous invocation (the platform default) but does not request unusual persistent privileges or modify other skills according to the metadata provided.
What to consider before installing
Proceed cautiously. The skill's documentation refers to running a PowerShell updater script and reading your cron/config files — behaviors that could affect your gateway and may read sensitive command lines from cron. Before installing or running this updater:
1) Inspect the actual scripts (scripts/self-updater.ps1 and any code) in the GitHub repo or ClawHub package — do not run the updater blind.
2) Confirm why npm is required and whether any Node packages will be downloaded/executed.
3) Verify the skill's OS requirements (it claims Windows for idle detection) match your environment.
4) If you plan unattended updates, avoid giving AutoApprove until you trust the code; require manual approval for high-risk updates.
5) If you provide notification tokens (Telegram/Feishu), prefer using tokens/accounts with limited scope.
Additional information that would raise confidence: the actual script files included in the package for review, a clear justification for npm, and matching registry metadata (required binaries and OS) that align with the SKILL.md.
Like a lobster shell, security has layers — review code before you run it.
