Auto Updater 1

Security checks across malware telemetry and agentic risk

Overview

This updater skill appears intended to automate updates, but it gives broad recurring authority to change the bot and all installed skills without a clear approval gate.

Install only if you intentionally want automated maintenance. Prefer running it in notify-only or dry-run mode, pin trusted skills or versions, review changelogs before applying updates, and avoid enabling any daily cron job that updates all skills without confirmation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Rogue AgentSelf-Modification, Session Persistence
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly instructs users to configure unattended daily updates for both the core bot and all installed skills, which results in automatic installation of new code on the user's system. Even if this is framed as convenience functionality, the absence of a clear warning, approval gate, or trust-boundary discussion increases supply-chain risk: a compromised registry, malicious update, or breaking change could be applied automatically and persist via cron.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The guide instructs the agent to schedule unattended package and skill updates that modify the local system on a recurring basis, but it does not require explicit user acknowledgement of risks such as breakage, changed behavior, dependency conflicts, or trust in remote update sources. Because the updates affect both the core bot and all installed skills, any upstream compromise or incompatible release can be applied automatically and repeatedly without human review.

Self-Modification

High

Category: Rogue Agent
Content: # Capture new version CLAWDBOT_VERSION_AFTER=$(clawdbot --version 2>/dev/null || echo "unknown") # Update skills log "Updating skills via ClawdHub..." SKILL_OUTPUT=$(clawdhub update --all 2>&1) || true echo "$SKILL_OUTPUT" >> "$LOG_FILE"
Confidence: 96% confidence
Finding: Update skill

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal