ClawHub

Oc Self Update

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw updater that can change the installed package after user confirmation, so it is sensitive but purpose-aligned.

Install this only if you want your agent to help update OpenClaw itself. Before approving an update, check the selected channel, prefer stable unless you intentionally want beta or dev, and understand that confirming the install changes the global OpenClaw package and requires a manual gateway restart.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly advertises self-updating and channel switching, which can modify the installed OpenClaw package, but it does not warn users about the security and operational implications of changing executable code. In an agent skill context, silent package modification increases supply-chain and integrity risk because users may invoke the skill without understanding it can alter the bot installation.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation description uses broad, generic update-related phrases like 'upgrade the bot' and 'install a new version,' which could cause the skill to trigger in situations where the user did not intend to modify the local installation. Because this skill performs package installation, accidental invocation can lead to unintended self-modification and execution of code fetched through the package supply chain.

Self-Modification

High
Category
Rogue Agent
Content
# OpenClaw Update

Check for OpenClaw updates and self-update the installation.

## Requirements
Confidence
86% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
---
name: oc-self-update
description: Check for OpenClaw updates and self-update the installation. Use when the user asks to update OpenClaw, check for updates, upgrade the bot, install a new version, or says a new release is available.
metadata: {"openclaw":{"requires":{"bins":["npm"]}}}
---
Confidence
91% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
---
name: oc-self-update
description: Check for OpenClaw updates and self-update the installation. Use when the user asks to update OpenClaw, check for updates, upgrade the bot, install a new version, or says a new release is available.
metadata: {"openclaw":{"requires":{"bins":["npm"]}}}
---
Confidence
91% confidence
Finding
self-update

Self-Modification

High
Category
Rogue Agent
Content
metadata: {"openclaw":{"requires":{"bins":["npm"]}}}
---

# OpenClaw Self-Update

OpenClaw is distributed as an npm package. Version scheme: `YYYY.M.D` (date-based).
Confidence
89% confidence
Finding
Self-Update

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal