ClawHub

My Auto Updater

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be an update-maintenance helper, but it sets up recurring unattended updates that can change the core bot and all installed skills without per-update approval.

Only install this if you intentionally want unattended daily updates. Before enabling it, confirm how to disable the cron job, whether updates can be reviewed first, whether specific skills or versions can be pinned, and how to roll back a bad update.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This skill explicitly configures unattended daily updates for both the core bot and all installed skills, which creates a supply-chain and operational risk if an upstream package, registry entry, or skill update is malicious, compromised, or simply breaking. The danger is increased because the changes are automatic, broad in scope, and scheduled via cron, while the documentation does not prominently warn users that installed software will be modified without per-update confirmation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide instructs the agent to schedule unattended daily updates that modify Clawdbot and all installed skills, but it does not require an explicit warning or confirmation about the risks of automatic software changes. Because updates pull and execute newly published code on a recurring basis, this increases supply-chain and stability risk, especially when the agent is told to apply changes automatically and then report afterward.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal