ClawHub

Auto Updater.Bak 2026 01 28T18:01:13+10:30

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it sets up unattended daily changes to Clawdbot and all installed skills, so users should review the risk before enabling it.

Install only if you intentionally want Clawdbot and all installed skills to update automatically every day. Safer use would start with dry-run checks, review updates before applying them, pin or limit trusted sources where possible, and confirm you know how to remove the cron job if an update breaks your setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs users to enable unattended daily updates for both the core bot and all installed skills, but it does not warn that this permits automatic code changes without review. That creates supply-chain and operational risk: a bad upstream release, compromised registry entry, or breaking update could be fetched and applied automatically on a schedule.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guide instructs the agent to enable automatic package and skill updates that change the local environment without requiring explicit per-run confirmation or prominently warning the user about the risks of unattended changes. This can introduce breaking changes, supply-chain updates, or unintended modifications to the bot and installed skills, especially because updates are fetched and applied automatically.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The cron job schedules unattended execution of update and migration commands in an isolated session with delivery enabled, which can repeatedly alter software and configuration without active user review. Because it includes both `clawdbot doctor --yes` and `clawdhub update --all`, the job may apply migrations and third-party skill changes automatically, increasing the chance of disruptive or unsafe environment changes.

Self-Modification

High
Category
Rogue Agent
Content
# Capture new version
CLAWDBOT_VERSION_AFTER=$(clawdbot --version 2>/dev/null || echo "unknown")

# Update skills
log "Updating skills via ClawdHub..."
SKILL_OUTPUT=$(clawdhub update --all 2>&1) || true
echo "$SKILL_OUTPUT" >> "$LOG_FILE"
Confidence
95% confidence
Finding
Update skill

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal