Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

custom-skills-updater

v1.0.2

Manage manually installed skills (non-ClawHub). Supports checking updates, updating, and listing custom skills from GitHub or local sources.

by An Jing @qvshuo
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
SKILL.md and README describe a GitHub-backed updater that uses the GitHub CLI (gh) to detect and apply updates; that capability matches the name/description. However, the registry metadata lists no required binaries even though the skill explicitly requires an authenticated gh CLI session for all remote operations. The missing declared dependency is an incoherence the user should know about.
Instruction Scope
Instructions stay within the stated scope: scanning REGISTRY.yaml, checking remote versions, downloading archives or files, and writing into skills/{name}/ plus updating REGISTRY.yaml. The SKILL.md enforces user approval before updates and defers updates when unattended. One behavior to note: when discovery cannot prompt the user it will register discovered skills as 'local' automatically—this could add entries to REGISTRY.yaml without full remote metadata.
Install Mechanism
This is an instruction-only skill with no install spec or code to download/execute. That minimizes install-time risk.
Credentials
No env vars or credentials are declared, which is consistent with an instruction-only skill. However, the skill relies on the user's gh CLI session (which may use stored GitHub tokens/credentials). Access to GitHub via gh is proportionate to the updater's purpose, but users should be aware gh's credentials are used implicitly.
Persistence & Privilege
The skill writes to REGISTRY.yaml and overwrites or updates files under skills/{name}/ as part of normal operation. It does not request 'always: true' or system-wide privileges. Still, extracting tarballs and copying remote content into the local skills directory is powerful—the SKILL.md requires explicit user approval for updates, which mitigates risk if followed.
What to consider before installing
This skill appears to do what it says, but take these precautions before installing or running it:
- Install and authenticate GitHub CLI (gh auth login). The SKILL.md requires gh, but the registry metadata does not list it—ensure gh is present and you understand which GitHub account/token it uses.
- Understand that updates involve downloading tarballs/files and writing into skills/{name}/ and updating REGISTRY.yaml. Keep backups of REGISTRY.yaml and any skills you care about before running updates.
- The skill promises to wait for interactive approval. If you run it unattended, it will defer updates but may register discovered skills as 'local' automatically—check REGISTRY.yaml for unexpected entries after discovery runs.
- Review the gh auth token's scope (least privilege) because gh operations use your credentials implicitly; a compromised token could allow remote repo access.
- If you require stricter guarantees, request the author add gh as a declared required binary in registry metadata and consider a dry-run mode where downloads are shown but not extracted.

Given the metadata omission (missing gh dependency) and the file-write/extract behavior, treat this as suspicious until you confirm the environment and backup state.
