ClawHub

Auto Updater 1.0.0

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it advertises, but it sets up unattended daily updates that can change the bot and installed skills without clear review or rollback controls.

Install only if you intentionally want automatic daily updates. Review the cron entry and script before enabling it, consider pinning or limiting update sources, keep backups or rollback steps, and avoid sending detailed update logs to third-party notification services unless you are comfortable exposing that metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This skill instructs users to configure unattended daily updates for both the core application and all installed skills, which can introduce unreviewed code and system changes on a schedule. Even if the update sources are legitimate, automatic execution increases supply-chain and operational risk because a bad update, compromised registry entry, or breaking change could be applied without user review or rollback planning.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide explicitly instructs setting up unattended daily updates that modify the bot and installed skills, but it does not require an explicit warning or confirmation about ongoing automatic software changes. That creates a real safety issue because future code changes from upstream sources will be applied without contemporaneous user review, increasing the chance of unexpected breakage or supply-chain compromise.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The customization section suggests delivery through external providers such as Telegram without warning that update summaries may expose software inventory, versions, errors, or environment details to third parties. This is dangerous because scheduled outbound notifications can leak sensitive operational metadata and could be intercepted or misdirected if the provider configuration is wrong.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal