Back to skill

Security audit

Smart Auto Updater

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it can automatically and repeatedly update OpenClaw and installed skills based on weakly bounded risk decisions, so it should be reviewed before use.

Install only if you are comfortable with an agent making update decisions for OpenClaw and installed skills. Start with dry-run or report-only mode, avoid scheduled auto-apply in production, review webhook destinations and report contents, and enable automatic updates only with a rollback plan and clear approval policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The documented scoring model caps the maximum possible total at 3.0 because all four dimensions are scored 1-3 and the weights sum to 1.0. Since HIGH is defined as > 3.5, the system can never classify any update as HIGH risk, causing dangerous or breaking updates to be systematically downgraded to MEDIUM and potentially handled less cautiously than intended.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill description explicitly advertises automatic updating and 'hands-off maintenance' but does not prominently warn that the skill may modify the system by installing updates. That omission can mislead users into invoking a system-changing capability without informed consent, increasing the chance of unintended changes or outages.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The quick-start commands encourage immediate execution of the updater without a prominent notice that, depending on configuration, it may automatically apply updates. This is more dangerous in context because the skill is specifically designed to make autonomous update decisions, so a user could trigger package or skill changes from a simple example command without realizing the system-modifying consequences.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.