ClawHub

Smart Auto Updater

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it can schedule unattended OpenClaw and skill updates based on weakly bounded AI risk decisions and can send update metadata to third-party webhooks.

Install only if you are comfortable with an agent making update decisions for OpenClaw and installed skills. Use report-only or dry-run mode first, avoid scheduled auto-apply in production, review webhook destinations and report contents, and require a clear rollback plan before enabling automatic updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly promotes automatic updating and 'hands-off maintenance' but does not clearly warn users that invoking it may change installed software. In an updater context, undocumented autonomous modification of system state is security-relevant because users may trigger it without informed consent, leading to unintended package or skill changes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The Quick Start commands encourage immediate execution but do not disclose that the run may auto-apply low-risk updates. This is dangerous because users may copy-paste the example expecting a harmless check, while the skill may perform live changes based on internal AI risk classification.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The integration guide presents recurring cron jobs that trigger a 'smart update' workflow, including language like 'auto-update LOW risk,' without a prominent warning that software changes may be applied automatically on a schedule. In an updater skill, this increases the chance that operators enable unattended changes without fully understanding the operational and security implications, which can lead to unexpected package changes, outages, or deployment of a bad update.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The webhook examples show Feishu, Slack, and Discord integrations but do not warn that update reports may contain package names, versions, infrastructure details, or failure diagnostics that are transmitted to third-party services. In a maintenance/updater context, this can leak sensitive operational metadata outside the environment and create compliance or confidentiality issues.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal