Back to skill

Security audit

Self Updater

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed updater, but it can silently change OpenClaw core and installed skills, so users should review it before installing.

Install only if you intentionally want a privileged updater that can change OpenClaw and installed skills. Before enabling automation, inspect the actual PowerShell script and update source, avoid AutoApprove or Quiet cron runs unless you have backups and rollback, and use limited-scope notification credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (16)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly advertises automatic updating of both the OpenClaw core and skills, but it does not clearly warn users that updates can change executable behavior, introduce breaking changes, or affect system state and availability. In a self-updating agent context, missing safety disclosure materially increases risk because users may enable automation without understanding the operational and supply-chain implications.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill advertises very broad trigger terms such as maintenance, skills, gateway, restart, healthcheck, monitoring, and ops, which overlap with many normal administrative requests. This increases the chance the updater is invoked in contexts where the user did not explicitly request software modification, making unintended updates or restarts more likely.

Vague Triggers

Low
Confidence
84% confidence
Finding
The description emphasizes autonomous auto-updating behavior but does not clearly state that updates should only occur after explicit user intent or under tightly defined scheduled automation. In an agent ecosystem, this kind of broad framing can cause over-selection of a self-modifying skill for generic system-health tasks.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
|-----------|---------|-------------|
| AutoUpdate | false | Apply updates automatically |
| SmartTiming | false | Wait for idle + check cron |
| AutoApprove | false | Skip approval (for cron) |
| NoNotify | false | Skip notifications |
| UpdateSkillsOnly | false | Update skills only |
| Port | auto | Gateway port |
Confidence
95% confidence
Finding
Skip approval

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
3. If approved → proceeds with update
4. If rejected/skipped → cancels gracefully

Use `-AutoApprove` for unattended runs.

## Smart Notifications
Confidence
95% confidence
Finding
AutoApprove

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
|-----------|---------|-------------|
| AutoUpdate | false | Apply updates automatically |
| SmartTiming | false | Wait for idle + check cron |
| AutoApprove | false | Skip approval (for cron) |
| NoNotify | false | Skip notifications |
| UpdateSkillsOnly | false | Update skills only |
| Port | auto | Gateway port |
Confidence
95% confidence
Finding
AutoApprove

Self-Modification

High
Category
Rogue Agent
Content
```powershell
# Check for updates
powershell -ExecutionPolicy Bypass -File scripts/self-updater.ps1

# Auto-update with smart timing
powershell -ExecutionPolicy Bypass -File scripts/self-updater.ps1 -AutoUpdate -SmartTiming
Confidence
91% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
powershell -ExecutionPolicy Bypass -File scripts/self-updater.ps1

# Auto-update with smart timing
powershell -ExecutionPolicy Bypass -File scripts/self-updater.ps1 -AutoUpdate -SmartTiming
```

## Install
Confidence
93% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
| SmartTiming | false | Wait for idle + check cron |
| AutoApprove | false | Skip approval (for cron) |
| NoNotify | false | Skip notifications |
| UpdateSkillsOnly | false | Update skills only |
| Port | auto | Gateway port |
| IdleThreshold | 5 | Minutes of idle to wait |
| CronLookAhead | 60 | Minutes to look ahead for tasks |
Confidence
98% confidence
Finding
Update skill

Self-Modification

High
Category
Rogue Agent
Content
---
name: self-updater
version: 1.4.2
description: |
  ⭐ OPEN SOURCE! GitHub: github.com/GhostDragon124/openclaw-self-updater
Confidence
93% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
name: self-updater
version: 1.4.2
description: |
  ⭐ OPEN SOURCE! GitHub: github.com/GhostDragon124/openclaw-self-updater
  ⭐ ONLY skill with Cron-aware + Idle detection! Auto-updates OpenClaw core & skills, analyzes cron schedules to avoid user tasks, waits for idle time, AI-powered risk assessment, user approval for high-risk updates, and smart notifications.
  Use for: auto-update, maintenance, cron, smart-schedule, skills, gateway, restart, healthcheck, monitoring, ops
repository:
Confidence
99% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
Use for: auto-update, maintenance, cron, smart-schedule, skills, gateway, restart, healthcheck, monitoring, ops
repository:
  type: git
  url: https://github.com/GhostDragon124/openclaw-self-updater
homepage: https://github.com/GhostDragon124/openclaw-self-updater#readme
required_binaries:
  - pwsh (PowerShell 5.1+)
Confidence
88% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
repository:
  type: git
  url: https://github.com/GhostDragon124/openclaw-self-updater
homepage: https://github.com/GhostDragon124/openclaw-self-updater#readme
required_binaries:
  - pwsh (PowerShell 5.1+)
  - npm
Confidence
82% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
```powershell
# Check for updates
powershell -ExecutionPolicy Bypass -File scripts/self-updater.ps1

# Auto-update with smart timing
powershell -ExecutionPolicy Bypass -File scripts/self-updater.ps1 -AutoUpdate -SmartTiming
Confidence
98% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
powershell -ExecutionPolicy Bypass -File scripts/self-updater.ps1

# Auto-update with smart timing
powershell -ExecutionPolicy Bypass -File scripts/self-updater.ps1 -AutoUpdate -SmartTiming

# Full automation (for cron)
powershell -ExecutionPolicy Bypass -File scripts/self-updater.ps1 -AutoUpdate -SmartTiming -AutoApprove -Quiet
Confidence
99% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
powershell -ExecutionPolicy Bypass -File scripts/self-updater.ps1 -AutoUpdate -SmartTiming

# Full automation (for cron)
powershell -ExecutionPolicy Bypass -File scripts/self-updater.ps1 -AutoUpdate -SmartTiming -AutoApprove -Quiet
```

## AI Risk Assessment
Confidence
100% confidence
Finding
self-update

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.