Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Auto Updater Litiao

v1.0.0

Schedule automatic OpenClaw and skill updates with reliable cron templates, timezone-safe scheduling, and clear summary outputs. Use for hands-off maintenanc...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the instructions: the SKILL.md only describes scheduling cron jobs that run OpenClaw and clawdhub update commands and produce summaries. No unrelated credentials, binaries, or external endpoints are requested.
Instruction Scope
Instructions ask the agent/user to detect installation type, optionally create a helper script (~/.openclaw/scripts/auto-update.sh), write logs under ~/.openclaw/logs, and add cron entries. Reading home-paths and creating local scripts is within the updater's scope but is worth noting because it creates persistent artifacts and runs package-manager and update commands.
Install Mechanism
This is an instruction-only skill with no install spec or downloaded artifacts. No external archives or installers are suggested, so there is no install-time execution risk introduced by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested beyond touching ~/.openclaw and checking common package-manager/global install locations. That access is proportional to performing local updates.
Persistence & Privilege
The skill recommends adding cron jobs and optionally creating a helper script, which gives the updater persistent, scheduled execution. The skill is not marked always:true and does not request elevated system-wide privileges; however, automatic scheduled updates can cause restarts or run network-updated code, so monitor and test before enabling widely.
Assessment
This skill appears to do what it says: schedule OpenClaw + ClawHub updates and emit summaries. Before installing, do the following:
1) Run the recommended dry-run mode first to see exactly what would change.
2) Inspect the exact cron message/commands you will schedule (and the optional ~/.openclaw/scripts/auto-update.sh) so you know what will run.
3) Confirm you trust ClawHub and any sources that provide skill updates (updating skills may pull third-party code).
4) Be aware npm/pnpm/bun global updates may require elevated permissions; prefer package-manager-safe workflows or run in an isolated/test environment.
5) Ensure you have backups and a rollback plan (updates can restart gateways).
If you want extra safety, pin versions, restrict updates to 'core only' initially, and monitor the created log file under ~/.openclaw/logs.

Like a lobster shell, security has layers — review code before you run it.
