Back to skill

Security audit

Super Auto Updater Hold

Security checks across malware telemetry and agentic risk

Overview

This skill openly sets up daily unattended updates for Clawdbot and all installed skills, which is useful but high-impact enough to require careful review.

Install only if you intentionally want unattended daily updates. Prefer using the dry-run command first, limiting updates to trusted skills where possible, choosing your own schedule and timezone, and keeping a rollback plan for Clawdbot and skill versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs users to configure unattended daily updates for both the core tool and all installed skills, which can modify software and dependencies without per-run user review. While this appears intended for convenience rather than abuse, automatic update execution increases supply-chain and operational risk because registry compromise, a bad release, or incompatible update could be applied silently on a schedule.

Natural-Language Policy Violations

Low
Confidence
84% confidence
Finding
The example cron command hard-codes the timezone to America/Los_Angeles, which may cause updates to run at unexpected local times for other users. In the context of unattended updates, this can make behavior less predictable and slightly increase operational risk, though it is not directly a security exploit by itself.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide explicitly instructs users to configure unattended daily updates for both the core tool and all skills, including automatic application of changes via package managers and `clawdhub update --all`. Even if intended for maintenance, this creates a supply-chain and stability risk because unreviewed code changes can be pulled and applied automatically without approval, rollback guidance, or integrity safeguards.

Self-Modification

High
Category
Rogue Agent
Content
# Capture new version
CLAWDBOT_VERSION_AFTER=$(clawdbot --version 2>/dev/null || echo "unknown")

# Update skills
log "Updating skills via ClawdHub..."
SKILL_OUTPUT=$(clawdhub update --all 2>&1) || true
echo "$SKILL_OUTPUT" >> "$LOG_FILE"
Confidence
97% confidence
Finding
Update skill

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.