Auto Updater.Bak 2026 01 28T18:01:13+10:30
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: auto-updater-bak-2026-01-28t18-01-13-10-30
Version: 1.0.0
The skill is an auto-updater designed to update Clawdbot and its installed skills daily. It achieves this by instructing the agent to create a shell script (`auto-update.sh`) and schedule it via a cron job. While these actions involve high-risk capabilities like system modification and establishing persistence (via cron), they are explicitly aligned with the skill's stated purpose. There is no evidence of intentional harmful behavior such as data exfiltration, unauthorized remote control, or obfuscation. Prompt injection is used to provide functional instructions to the agent for performing updates and reporting, not for malicious objectives. The use of `|| true` in the update script to suppress errors is a minor concern for robustness but not indicative of malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad or incompatible update could change agent behavior, break installed skills, or apply migrations before the user reviews the changes.
The scheduled routine tells the agent to run non-interactive migrations and update every installed skill, which is broad mutation authority without per-update confirmation.
Then run: clawdbot doctor --yes ... Run: clawdhub update --all
Prefer a dry-run or approval step before applying updates, scope updates to selected skills where possible, and keep a rollback or backup plan.
If a registry package or skill update is compromised or simply buggy, the automated job may install it across the user's environment.
The skill pulls latest versions of the core bot and all skills from package/skill registries automatically, with no pinning, changelog review, or provenance check described.
npm update -g clawdbot@latest ... clawdhub update --all
Use trusted sources, review release notes, consider pinning versions, and avoid automatic updates for sensitive or production-like agent environments.
The updater can keep changing the user's bot and skills in the background until the cron job is removed or disabled.
The skill creates persistent scheduled agent activity that continues running daily after the initial setup.
This skill sets up a daily cron job ... clawdbot cron add --name "Daily Auto-Update" --cron "0 4 * * *"
Install only if you want persistent unattended updates; verify the cron entry and know how to remove it with `clawdbot cron remove "Daily Auto-Update"`.
Running the updater with excessive privileges could let future updates modify more of the local environment than intended.
The updater may need write access to installed skill directories and global package locations, which can pressure users to grant broader local privileges.
Permission errors: Ensure the Gateway user can write to skill directories
Run under the least-privileged account that can update the intended files, and avoid using `sudo` unless you fully trust the update source.
