Clawdbot Release Check

Security checks across malware telemetry and agentic risk

Overview

The skill checks GitHub for new Clawdbot releases, as its description states, and can optionally create a daily notification job. The review found no artifact-backed malicious behavior.

This appears safe for its stated purpose. Before installing the cron setup, confirm you want a persistent daily release check and that the Telegram/Discord/WhatsApp destination is correct; uninstall the job if you no longer want scheduled notifications.

VirusTotal

64 of 64 vendors reported this skill as clean; none flagged it.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI10: Rogue Agents
Low
What this means

If you run setup, the checker may continue sending daily release notifications until you uninstall the job.

Why it was flagged

The setup script can create a persistent daily agent job that runs the release check and sends output. This is disclosed and purpose-aligned, but it continues until removed.

Skill content
"enabled": true, "schedule": { "kind": "cron", "expr": ("0 " + $hour + " * * *") }, "payload": { "kind": "agentTurn", "message": ("UPDATE_CHECK: Run " + $script + " and if there is output, send it to the user.")
Recommendation

Only run setup if you want scheduled checks, and use `scripts/setup.sh --uninstall` or review `~/.clawdbot/cron/jobs.json` if you want to remove it.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Release-check output, including version information and possibly the local Clawdbot path shown in update instructions, may be sent to the configured messaging destination.

Why it was flagged

Scheduled output is delivered through a configured messaging channel such as Telegram, WhatsApp, or Discord. This matches the notification purpose, but the recipient/channel should be chosen carefully.

Skill content
"deliver": true, "channel": $channel, "to": $to
Recommendation

Use only a trusted recipient ID and channel, and avoid enabling scheduled delivery if you do not want this information sent off-device.
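The two findings above both come down to one file: the job the setup script writes into `~/.clawdbot/cron/jobs.json`, its schedule, and where its output is delivered. The following Python audit is an added example, not code from the skill or from ClawScan. It locates the job by the `UPDATE_CHECK:` prefix shown in the excerpt, describes the cron schedule, reports the delivery destination, and produces the document with that job removed (what an uninstall would write back). The job field names follow the excerpt; the top-level `{"jobs": [...]}` wrapper, the `id` field and the sample file contents are assumptions.

```python
import json

# Prefix the setup script puts in front of the agentTurn message (from the excerpt).
MARKER = "UPDATE_CHECK:"

# Constructed sample of ~/.clawdbot/cron/jobs.json. The per-job fields are the
# ones the scan quotes; the {"jobs": [...]} wrapper, the "id" values and the
# script path are assumptions made for this example.
SAMPLE_JOBS_JSON = json.dumps({
    "jobs": [
        {
            "id": "7d0c3a2e-5b8f-4c41-9e7a-2f6d1b3c8a90",
            "enabled": True,
            "schedule": {"kind": "cron", "expr": "0 9 * * *"},
            "payload": {
                "kind": "agentTurn",
                "message": "UPDATE_CHECK: Run /path/to/check.sh and if there is "
                           "output, send it to the user.",
            },
            "deliver": True,
            "channel": "telegram",
            "to": "123456789",
        },
        {
            "id": "c4e1f0aa-2d7b-4e9c-8f13-5a6b7c8d9e0f",
            "enabled": True,
            "schedule": {"kind": "cron", "expr": "*/15 * * * *"},
            "payload": {"kind": "agentTurn", "message": "Summarize my inbox."},
            "deliver": False,
        },
    ]
})


def describe_cron(expr: str) -> str:
    """Render a 5-field cron expression; the setup script emits '0 <hour> * * *'."""
    fields = expr.split()
    if len(fields) != 5:
        return f"unparsed cron expr {expr!r}"
    minute, hour, dom, month, dow = fields
    if (dom, month, dow) == ("*", "*", "*") and minute.isdigit() and hour.isdigit():
        return f"daily at {int(hour):02d}:{int(minute):02d}"
    return f"cron {expr!r}"


def find_release_check_jobs(doc: dict) -> list:
    """Return one finding per job whose agentTurn message carries the marker."""
    findings = []
    for job in doc.get("jobs", []):
        payload = job.get("payload", {})
        message = payload.get("message", "")
        if payload.get("kind") != "agentTurn" or not message.startswith(MARKER):
            continue
        schedule = job.get("schedule", {})
        off_device = bool(job.get("deliver", False))
        findings.append({
            "id": job.get("id"),
            "enabled": bool(job.get("enabled", False)),
            "schedule": (describe_cron(schedule.get("expr", ""))
                         if schedule.get("kind") == "cron" else str(schedule)),
            "off_device": off_device,
            # channel/to are only meaningful when deliver is true
            "destination": f"{job.get('channel')}:{job.get('to')}" if off_device else None,
        })
    return findings


def audit(jobs_json: str) -> list:
    return find_release_check_jobs(json.loads(jobs_json))


def remove_release_check_jobs(jobs_json: str) -> str:
    """Document text with every marker-bearing job dropped (an uninstall's output)."""
    doc = json.loads(jobs_json)
    drop = {f["id"] for f in find_release_check_jobs(doc)}
    doc["jobs"] = [j for j in doc.get("jobs", []) if j.get("id") not in drop]
    return json.dumps(doc, indent=2)


def job_ids(jobs_json: str) -> list:
    return [j.get("id") for j in json.loads(jobs_json).get("jobs", [])]


if __name__ == "__main__":
    for f in audit(SAMPLE_JOBS_JSON):
        state = "enabled" if f["enabled"] else "disabled"
        dest = f"sent to {f['destination']}" if f["off_device"] else "stays local"
        print(f"{f['id']}: {state}, {f['schedule']}, output {dest}")
```

Run it against the real file with `audit(open(path).read())` after checking the wrapper key matches what your Clawdbot version writes; review the destination line before deciding whether to keep the job.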

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Setup may fail or behave differently on systems that lack a tool the scripts invoke but the skill metadata does not declare.

Why it was flagged

The registry requirements list curl and jq, but setup.sh also invokes uuidgen, and check.sh has an npm fallback for locating a global install. This is a small dependency-declaration gap rather than suspicious behavior.

Skill content
JOB_ID=$(uuidgen | tr '[:upper:]' '[:lower:]')
Recommendation

Verify the needed tools are present before setup, or update the skill metadata to declare all binaries it may use.
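The following Python check is an added example, not part of the skill or of ClawScan. It compares the binaries a shell script actually invokes with the set the registry metadata declares and reports which of the used tools are absent on the current host, which is the verification suggested above. The script text is a constructed stand-in for `setup.sh` (only the `uuidgen` line is quoted by the scan; `RELEASES_URL` and the other lines are illustrative), the declared set is taken from the finding, and the command extraction is a deliberately simple tokenizer, so treat its output as a starting point rather than a proof.

```python
import re
import shutil

# Constructed excerpt standing in for the skill's setup.sh. Only the uuidgen
# line comes from the scan; everything else here is illustrative.
SAMPLE_SCRIPT = r"""
#!/usr/bin/env bash
set -euo pipefail
JOBS="$HOME/.clawdbot/cron/jobs.json"
JOB_ID=$(uuidgen | tr '[:upper:]' '[:lower:]')
if ! command -v clawdbot >/dev/null 2>&1; then
  PREFIX=$(npm root -g)   # fall back to a global npm install
fi
LATEST=$(curl -fsSL "$RELEASES_URL" | jq -r '.tag_name')
jq --arg id "$JOB_ID" '.jobs += [{"id": $id}]' "$JOBS" > "$JOBS.tmp" && mv "$JOBS.tmp" "$JOBS"
"""

# Binaries the registry metadata declares for this skill (from the finding).
DECLARED = {"curl", "jq"}

# Shell keywords/builtins and common coreutils that need no declaration.
BUILTINS = {"if", "then", "else", "elif", "fi", "for", "while", "until", "do", "done",
            "case", "esac", "command", "test", "echo", "exit", "export", "set", "cd",
            "local", "return", "shift", "read", "printf", "true", "false", "[", "[[",
            "source", "."}
COREUTILS = {"tr", "mv", "cp", "rm", "mkdir", "cat", "sed", "grep", "cut", "sort",
             "head", "tail", "chmod", "date", "basename", "dirname", "mktemp", "ls",
             "touch"}
# Words that precede the real command in a pipeline segment.
PREFIX_WORDS = {"if", "!", "elif", "while", "until", "then", "else", "do", "time", "exec"}

SEGMENT_SPLIT = re.compile(r"\$\(|\|\||&&|\||;|\bthen\b|\bdo\b|\belse\b")
ASSIGNMENT = re.compile(r"[A-Za-z_]\w*=.*")
COMMENT = re.compile(r"(^|\s)#.*$")


def invoked_commands(script: str) -> set:
    """First word of each pipeline/command-substitution segment, minus assignments."""
    cmds = set()
    for raw in script.splitlines():
        line = COMMENT.sub("", raw)
        for seg in SEGMENT_SPLIT.split(line):
            tokens = seg.split()
            while tokens and tokens[0] in PREFIX_WORDS:
                tokens.pop(0)
            if not tokens:
                continue
            tok = tokens[0].rstrip(")")  # closes a $( ... ) substitution
            if not tok or tok[0] in "$\"'-(" or ASSIGNMENT.fullmatch(tok):
                continue
            cmds.add(tok)
    return cmds


def dependency_report(script: str, declared: set) -> dict:
    """Used external tools, those the metadata omits, and those missing on this host."""
    used = invoked_commands(script) - BUILTINS - COREUTILS
    return {
        "used": sorted(used),
        "undeclared": sorted(used - declared),
        "missing_on_host": sorted(c for c in used if shutil.which(c) is None),
    }


if __name__ == "__main__":
    report = dependency_report(SAMPLE_SCRIPT, DECLARED)
    for key, value in report.items():
        print(f"{key}: {', '.join(value) or '(none)'}")
```

For the sample script the report lists `npm` and `uuidgen` as used but undeclared, matching the finding; `missing_on_host` depends on the machine you run it on, which is exactly the point of running it before setup.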