Back to skill

Security audit

Auto Updater 1.0.0

Security checks across malware telemetry and agentic risk

Overview

The skill does what it advertises, but it needs Review because it sets up daily unattended updates that can change Clawdbot and all installed skills without per-update approval.

Install only if you intentionally want daily unattended updates to Clawdbot and every installed skill. Review the cron entry and any helper script before enabling it, prefer dry-run or manual review for sensitive environments, keep a rollback path, and avoid third-party delivery of detailed update summaries unless you are comfortable sharing that operational metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly instructs users to create a cron job that performs unattended updates of both the main application and all installed skills, which can modify executable code on a recurring basis without an approval gate or review step. This increases supply-chain and operational risk: a compromised registry, malicious update, or breaking release could be pulled automatically and applied broadly before the user notices.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The guide instructs creation of an unattended cron job that automatically updates the core bot and all installed skills, causing recurring software changes without an explicit warning, confirmation boundary, or rollback guidance. This increases supply-chain and operational risk because newly published packages or skills are executed automatically on a schedule, potentially breaking the system or introducing malicious code.

Self-Modification

High
Category
Rogue Agent
Content
# Capture new version
CLAWDBOT_VERSION_AFTER=$(clawdbot --version 2>/dev/null || echo "unknown")

# Update skills
log "Updating skills via ClawdHub..."
SKILL_OUTPUT=$(clawdhub update --all 2>&1) || true
echo "$SKILL_OUTPUT" >> "$LOG_FILE"
Confidence
95% confidence
Finding
Update skill

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.