Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Smart Auto-Updater Pro
v1.0.0
OpenClaw auto-update checker and safe applier. Checks for new versions, compares changelogs, and applies updates with rollback safety. Designed to run as a c...
⭐ 0 · 648 · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill claims to be an OpenClaw updater and the script indeed performs fetch/checkout/build/deploy of the OpenClaw repo, which is coherent. However the declared requirements list only 'git' while the script also depends on python3, docker/docker-compose, and pnpm or npm — those missing declarations are a capability/requirement mismatch.
Instruction Scope
SKILL.md and the script instruct the agent to operate directly on a host repository path (default /host/openclaw), perform git checkouts, rebuild images, and bring services up with docker compose. This legitimately touches system-level files and services but is broader than what's declared (no mention of docker or python). The script will modify running services and requires host Docker access; the cron examples also reference root paths which increases potential impact.
Install Mechanism
There is no install spec (instruction-only plus an included script), which minimizes installer risk because nothing is fetched during skill install. However the runtime operations (git fetch, docker build, pnpm/npm install, python3 usage) will perform network and disk activity at execution time — these are normal for an updater but should be noted.
Credentials
The skill declares no required environment variables, but the script reads OPENCLAW_REPO (with a default) and assumes access to host filesystem and Docker. Not explicitly declaring dependence on docker, pnpm/npm, or python3 (or documenting required privilege level) is disproportionate and may mislead users about what the skill needs.
Persistence & Privilege
The manifest's always flag is false, and the skill does not request persistent platform privileges. Autonomous invocation is allowed (platform default) but is not combined with other high-privilege requests in the manifest. The script itself performs privileged actions at runtime if the agent runs it on a host with Docker access.
What to consider before installing
This skill contains a runnable updater script that will fetch tags, check out releases, install dependencies, build, and restart services with Docker. Before installing or enabling it:
1) Verify provenance — confirm the author and homepage are trustworthy and match the repository used.
2) Inspect and test the script in an isolated environment (staging VM or container) — run it in check-only (--json) mode first.
3) Ensure required binaries are present and safe: python3, docker (and docker compose), and pnpm or npm — the skill's metadata only lists git, but the script needs more.
4) Do not run the script as root on production hosts until you've validated rollback and health checks; it will modify running services.
5) Update the manifest to declare the missing runtime requirements (python3, docker, pnpm/npm) and document the privilege/network expectations.
If the author can provide an official repository URL (GitHub releases or similar) and update the metadata to list all runtime binaries and intended filesystem paths, the assessment could move from 'suspicious' toward 'benign'.
Like a lobster shell, security has layers — review code before you run it.
agxntsix · vk979k763fvx8fy6mn7taf9yrpd81715w · latest · vk979k763fvx8fy6mn7taf9yrpd81715w
Runtime requirements
Clawdis
Bins: git
