Skills Updater

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The artifacts describe a legitimate skills updater, but its auto mode can change all installed OpenClaw skills and write persistent reports, so it should be used deliberately.

Before installing or using this skill, understand that --auto can update all detected OpenClaw skills. Use --dry-run first, review the planned changes, keep the generated backups, and check the generated memory report if you do not want update history retained.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running auto-update can change multiple installed skills, which may alter how the user's agent behaves afterward.

Why it was flagged

The documented --auto mode can perform bulk updates to installed skills. That is expected for this skill, but it is a high-impact local mutation capability.

Skill content

### Auto-upgrade all skills

```bash
python3 ~/.openclaw/skills/skills-updater/scripts/check-skill-updates.py --auto
```

Recommendation

Run --dry-run first, review what will change, and use --auto only when the user explicitly wants all detected skill updates applied.

What this means

If a remote skill update is bad or compromised, this updater could install it across the user's local skill set.

Why it was flagged

The updater intentionally installs the latest remote skill versions. This is purpose-aligned, but it means the user relies on ClawHub package provenance and publisher integrity.

Skill content

Update — Downloads and applies latest version from ClawHub

Recommendation

Prefer dry-run review, verify publisher/version/changelog where possible, and keep backups before applying broad updates.

What this means

Future agent sessions may see or reuse the upgrade report, and it may reveal local skill inventory or update history.

Why it was flagged

The skill writes upgrade reports into the OpenClaw memory/workspace area, creating persistent context about installed skills and updates.

Skill content

Report — Writes summary to `~/.openclaw/workspace/memory/skill-upgrades-YYYY-MM-DD.md`

Recommendation

Review the generated memory report and delete it if the user does not want skill update history retained.

What this means

Users may be less able to confirm exactly which version they installed or whether documentation matches the packaged code.

Why it was flagged

The README contains inconsistent version labels, while the registry metadata and _meta.json also report different versions. This makes verification harder, though it does not show malicious behavior.

Skill content

# Skills Updater v1.0.7 ... **Version:** 1.0.0

Recommendation

Verify the installed package version and do not rely solely on the README's production-ready or audit claims.