Skill v1.0.0
ClawScan security
Auto Updater.Tmp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 27, 2026, 10:04 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and instructions match its stated purpose (automatically running daily updates of Clawdbot and installed skills), but auto-updating code has inherent risks that you should understand before enabling it.
- Guidance: This skill is coherent with its stated purpose, but auto-updating software is a high-impact action: it will run package-manager update commands and install updated skills from whatever registry your ClawdHub uses. Before enabling:
  1. Verify you trust the ClawdHub registry and the source of skill updates; automatic updates can install malicious or broken code.
  2. Run `clawdhub update --all --dry-run` and test the helper script manually first to see the expected output.
  3. Ensure the cron job runs under the correct (non-root) user and that permissions for `~/.clawdbot` are appropriate.
  4. Keep backups or enable rollback mechanisms for critical configs.
  5. Consider limiting automatic updates to specific skills, or running them on a weekly cadence, until you're comfortable.
  6. Review logs in `~/.clawdbot/logs` and configure delivery carefully (e.g., do not send update summaries to untrusted external endpoints).
  If you want, test the flow manually once before enabling daily automation.
Review Dimensions
- Purpose & Capability (ok): Name/description, SKILL.md, and reference docs consistently state the same goal: schedule daily checks and run Clawdbot/clawdhub update commands. No unrelated env vars, binaries, or config paths are requested.
- Instruction Scope (note): The instructions direct the agent to create a helper script under `~/.clawdbot`, add a cron job via `clawdbot cron`, run package-manager commands (npm/pnpm/bun global updates, `clawdbot update`) and `clawdhub update --all`, and write logs to `~/.clawdbot/logs`. This is in scope for an auto-updater, but it implies executing arbitrary third-party update code and writing persistent logs; the skill adds no integrity or verification steps for the updates it installs.
- Install Mechanism (ok): Instruction-only skill (no install spec, no code files beyond docs). The skill itself performs no downloads or archive extraction, which is the lowest install risk for this package.
- Credentials (ok): The skill declares no required env variables or credentials. It may require filesystem write permissions for `~/.clawdbot` and sufficient privileges to run global package updates (which is expected), but it does not request unrelated secrets or credentials.
- Persistence & Privilege (note): The skill recommends creating a persistent cron job (via `clawdbot cron add`) and a helper script under the user's home directory. `always:false` is set (not force-enabled). This persistent scheduling is expected for an auto-updater, but it changes the system's behavior over time and should be explicitly approved by the user.
