Openclaw Auto Updater 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill clearly does what it says, but it creates an unattended updater that can repeatedly change Clawdbot and every installed skill without per-update approval.

Install only if you intentionally want Clawdbot and all installed skills to update automatically on a schedule. Consider starting with dry runs, limiting updates to trusted or pinned sources, keeping rollback steps or backups, and confirming you know how to remove the cron job with `clawdbot cron remove "Daily Auto-Update"`.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The skill schedules unattended updates that will automatically modify the Clawdbot installation and all installed skills, but the description does not prominently warn users that software changes will occur on a recurring basis. This creates a meaningful consent and supply-chain risk: users may enable it without realizing it can pull and apply third-party code changes automatically, potentially causing breakage or introducing compromised updates.

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The guide instructs the agent to perform package-manager updates and run migration/repair commands that change system state, but it does not require an explicit warning or fresh confirmation before making those changes. Because these actions can alter globally installed software, trigger migrations, and affect availability or compatibility, unattended use increases the chance of unintended or harmful modifications.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The cron instructions create an unattended recurring job that will continue executing update commands automatically, yet the guide does not present a prominent warning about persistent autonomous execution or the risks of ongoing system changes. This is more dangerous than a one-time update because it establishes long-lived behavior that can repeatedly modify the environment without renewed user review.

Self-Modification
Severity: High
Category: Rogue Agent
Content:
# Capture new version
CLAWDBOT_VERSION_AFTER=$(clawdbot --version 2>/dev/null || echo "unknown")

# Update skills
log "Updating skills via ClawdHub..."
SKILL_OUTPUT=$(clawdhub update --all 2>&1) || true
echo "$SKILL_OUTPUT" >> "$LOG_FILE"
Confidence: 97%
Finding: Update skill

VirusTotal

65/65 vendors flagged this skill as clean.