ClawHub

Auto Updater Backup

Security checks across malware telemetry and agentic risk

Overview

This skill is an updater helper, but it sets up persistent unattended updates that can replace Clawdbot and every installed skill without a review step.

Install only if you intentionally want Clawdbot and all installed skills to update automatically. Prefer dry-run or manual approval for skill updates, use version pinning or trusted sources where possible, review changelogs, and keep a rollback plan before enabling the daily cron job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly configures unattended daily updates that modify the Clawdbot installation and all installed skills, including global package updates and bulk skill updates. Even though this appears intended for convenience rather than abuse, automatic code-changing behavior without prominent warnings, approval gates, rollback guidance, or pinning increases supply-chain and stability risk because newly published upstream changes are applied automatically.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide instructs the agent to perform unattended package upgrades, source updates, migrations, and bulk skill updates that change the local system state without an explicit warning or fresh user confirmation at execution time. In an auto-update skill, this is especially risky because it normalizes recurring privileged changes and may introduce breaking changes or malicious upstream updates without the user understanding the consequences.

Natural-Language Policy Violations

Low
Confidence
84% confidence
Finding
The cron example hard-codes the timezone to America/Los_Angeles, which can cause updates to run at an unexpected local time if the user does not notice or is in a different region. In an auto-update workflow, unexpected execution time can increase operational risk because updates may occur during business hours or other sensitive periods.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal