Auto Updater.Tmp

Security checks across malware telemetry and agentic risk

Overview

This appears to be an auto-updater skill, but it sets up recurring unattended updates that can change the bot and installed skills without enough scoping or review controls.

Review this carefully before installing. Only enable it if you are comfortable with daily automatic changes to your OpenClaw or Clawdbot installation and installed skills. Prefer configuring check-and-notify, pinned versions, trusted sources only, backups, and a documented way to pause or roll back updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 89%
Finding:
The skill explicitly sets up unattended daily updates that modify both the core bot and all installed skills, but it does not clearly warn about supply-chain risk, unexpected behavior changes, or breakage from automatic upgrades. Because it updates all skills from a registry on a schedule, a bad upstream release or compromised package could be applied automatically without prior review, increasing operational and security risk.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The guide instructs configuring unattended daily updates that modify the Clawdbot installation, run migration-like maintenance via `clawdbot doctor --yes`, and update all skills without an explicit safety warning, approval gate, or rollback guidance. This is dangerous because it creates a recurring mechanism for automatic code and configuration changes from upstream sources, increasing supply-chain risk and the chance of breaking changes being applied without user review.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The setup confirmation text describes automatic daily updates but does not clearly warn that the system will modify Clawdbot and installed skills on a recurring schedule without per-run approval. In an auto-updater skill, that omission matters because users may not fully understand the scope and persistence of the change, increasing the risk of unintended software modification and surprise updates.

Natural-Language Policy Violations

Low
Confidence: 80%
Finding:
The example hard-codes a specific run time and time zone (4:00 AM America/Los_Angeles) without indicating that this should be user-selected or derived from existing preferences. In a scheduled auto-update skill, this can mislead users about when privileged update actions will execute, causing unexpected behavior or updates at inappropriate local times.

VirusTotal

64/64 vendors flagged this skill as clean.