ClawHub

Auto Updater Hold

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about setting up daily auto-updates, but it would make unattended recurring changes to Clawdbot and all installed skills.

Install only if you intentionally want Clawdbot and every installed skill to update automatically on a daily schedule. Prefer testing with a dry run first, consider manual or allowlisted updates for important workflows, verify the publisher/package identity, and make sure you know how to remove the cron job if updates cause problems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger phrase is broad and action-oriented, and it leads to setting up a recurring cron job that automatically updates software and skills. Because this creates persistent autonomous behavior and future file/package modifications, ambiguous activation increases the chance of accidental consent or unintended setup from a casual user request.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description says the skill will automatically update Clawdbot and installed skills daily, but it does not prominently warn that this means recurring unattended modification of installed software and skill files. This weak disclosure is risky because users may enable the skill without realizing it grants ongoing update behavior that could introduce unwanted changes or supply-chain risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide instructs the agent to schedule unattended updates that modify the installed bot, run migrations via `clawdbot doctor --yes`, and update all skills, but it does not require an explicit warning or fresh user confirmation before making recurring system changes. This creates a real safety/security issue because automatic package and skill updates can introduce breaking changes or malicious upstream code on a schedule without the user's informed consent each time.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal