Back to skill
Skillv1.0.6
VirusTotal security
Openclaw Autoupdate · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 4:38 AM
- Hash
- c40f5d9e3ff414ec3529ecb32d3d72eff934c78277f5b2a85f0f478dbf5502b1
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: openclaw-autoupdate Version: 1.0.6 The skill bundle is designed for updating the OpenClaw application and its CLI. The `scripts/silent-update.sh` script fetches version information and official releases from `api.github.com` and `github.com`, then uses standard system commands (`rm`, `cp`, `hdiutil`, `npm install -g`) to perform the update. All actions are consistent with the stated purpose of securely automating updates. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts in `SKILL.md` to subvert the agent for harmful purposes. The script's actions, while requiring elevated privileges for installation, are legitimate for an update process and do not indicate malicious intent.
- External report
- View on VirusTotal