Auto Updater.Bak

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being an auto-updater, but it gives a recurring job authority to change Clawdbot and every installed skill without per-update review.

Install only if you deliberately want Clawdbot and every installed skill to update automatically on a schedule. Prefer using the documented dry-run/manual checks first, restrict updates to trusted sources where possible, and make sure you know how to remove the `Daily Auto-Update` cron job if an update breaks your setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding:
The skill explicitly configures unattended daily updates for both the core bot and all installed skills, which can apply arbitrary new code to the system without a clear warning about the trust and change-management implications. Even if the update sources are legitimate, automatic background installation increases supply-chain risk and can introduce breaking or unsafe behavior without prior review or user confirmation.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The guide instructs the agent to perform unattended package upgrades, run migration/repair commands, and install a persistent cron job, but it does not require explicit informed user consent about system modification, persistence, or update risk. This is dangerous because automatic updates can change code, break environments, or introduce supply-chain compromise without a clear approval boundary or rollback plan.

VirusTotal

66/66 vendors flagged this skill as clean.
