Auto-Updater Skill
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad, broken, or incompatible update could change how the agent behaves across many tasks without the user approving each change.
The skill directs the agent to run broad update operations that can change the core agent and every installed skill, not just this skill.
Updates Clawdbot itself ... Updates all installed skills (via `clawdhub update --all`)
Use a dry-run or manual review workflow before applying updates, and consider limiting updates to specific trusted skills or requiring confirmation for core-agent updates.
If an upstream package or skill release is compromised or unexpectedly changes behavior, the daily job could install it automatically.
The update flow pulls latest versions from external package/skill sources on a schedule, with no artifact-backed pinning, allowlist, changelog review, or per-version approval.
`npm update -g clawdbot@latest` ... `clawdhub update --all`
Prefer pinned or reviewed versions, verify update sources, and require user approval before installing new core or skill versions.
The updater will continue running daily and making changes even after the initial setup conversation is over.
The skill creates a persistent scheduled agent task. This is disclosed and central to the purpose, but users should notice that it keeps operating until removed.
`clawdbot cron add ... --cron "0 4 * * *" ... --message "Run daily auto-updates..."`
Only enable it if you want ongoing autonomous updates, and keep the provided removal command available: `clawdbot cron remove "Daily Auto-Update"`.
Running updater commands with elevated permissions would increase the impact of a bad update or mistaken command.
Global package updates may require elevated local permissions. The artifact does not force sudo, but it acknowledges privileged update paths.
Permission denied → suggest `sudo` or fixing permissions
Avoid giving the updater unnecessary administrator privileges; fix file ownership or use a least-privilege install path where possible.
