ClawHub Auto Update

Security checks across malware telemetry and agentic risk

Overview

This skill is an updater that openly runs bulk ClawHub skill updates, but it recommends unattended all-skill changes that can overwrite local modifications.

Review before installing. Use it manually first, keep backups of locally modified skills, and avoid adding the cron job unless you are comfortable with unattended updates to every installed ClawHub skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 96% confidence
Finding: The skill’s documented purpose says it checks for updates and notifies the user, but the runnable examples prominently perform `update --all`, which changes installed code immediately. That mismatch is dangerous because users may invoke what appears to be a passive check and instead trigger bulk modification of their local skill set, potentially overwriting local changes and introducing unreviewed code updates.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The examples instruct users to run automatic update commands that modify installed skills, including via cron, without an in-context warning immediately next to those commands. This is risky because users often copy-paste runnable examples directly, which can lead to silent bulk updates, overwritten local modifications, and unattended execution of newly pulled skill code.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal