Auto-Updater Skill

Security checks across malware telemetry and agentic risk

Overview

This skill openly sets up unattended daily updates, but it can automatically change Clawdbot and all installed skills without per-update approval.

Install only if you intentionally want Clawdbot and every installed skill to update automatically each day. Consider changing it to dry-run or notification-only, pinning critical skills, and keeping the documented cron removal command handy before enabling it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: This skill explicitly configures unattended updates for both the core bot and all installed skills, but it does not present any warning, approval gate, pinning, or staged rollout mechanism. Automatically pulling and applying new code from package managers and a skill registry expands the supply-chain attack surface and can introduce breaking changes or malicious updates into the user's environment without review.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The guide sets up unattended daily updates that modify the agent, installed skills, and run migration/doctor commands without an approval gate, staging checks, or rollback guidance. This creates a supply-chain and operational risk: any bad upstream release, compromised package source, or breaking migration will be applied automatically and can alter behavior or disrupt the system before a user notices.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal