Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wan Auto Updater

v1.0.0

Automatically update Clawdbot and all installed skills once daily. Runs via cron, checks for updates, applies them, and messages the user with a summary of w...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the instructions: it installs a cron job that runs clawdbot and clawdhub update commands. However, the bundled _meta.json metadata (ownerId and slug) does not match the registry metadata shown above, which is a packaging/provenance inconsistency worth flagging.
Instruction Scope
SKILL.md and references explicitly instruct creating a script at ~/.clawdbot/scripts/auto-update.sh, writing logs to ~/.clawdbot/logs/auto-update.log, and running global package manager updates (npm/pnpm/bun -g) and clawdhub update --all. These actions are within the updater's scope but grant the skill the ability to run system package managers and modify files in the user's home; the instructions also recommend remedies like sudo for EACCES. The instructions don't attempt to read unrelated secrets or contact external endpoints beyond the normal package registries and ClawdHub/Clawdbot.
Install Mechanism
This is an instruction-only skill with no install spec or code files to download; nothing will be written by an installer aside from the script/log the instructions ask the agent to create.
Credentials
No environment variables or credentials are requested by the skill (ok). However, the update actions will invoke networked package managers and may require elevated filesystem permissions (npm -g / package installs), which the instructions acknowledge (EACCES, sudo). That is proportional to updating but increases supply-chain and privilege risk.
Persistence & Privilege
The skill recommends adding a cron job via clawdbot cron add and creating persistent helper scripts/logs in the user's home. It does not set always: true and does not request system-wide config changes beyond its own scripts/logs. Persistent execution via cron is expected for an auto-updater but increases attack surface if the update commands or registries are compromised.
What to consider before installing
This skill is internally consistent with an auto-updater, but review before installing:

1) Verify provenance — the registry metadata shown to you differs from the _meta.json inside the package (different ownerId/slug). That could indicate repackaging or a publishing error.
2) Inspect the exact script (~/.clawdbot/scripts/auto-update.sh) the agent will create and the cron entry before enabling it.
3) Consider starting with dry-run: run `clawdhub update --all --dry-run` manually to see what would change.
4) Be aware it runs global package updates (npm/pnpm/bun -g) which can require elevated permissions; prefer running under an isolated/non-root user or restrict to non-global updates if possible.
5) Keep backups and a way to roll back critical skills; automatic updates increase supply-chain risk.
6) If you don’t trust the source owner or the registry entry mismatch, do not enable the cron job; instead perform updates manually or from a verified package/repository.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔄 Clawdis
OS: macOS · Linux