Skill v1.0.0
ClawScan security
Auto Updater 1 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 22, 2026, 3:06 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, scope, and resource access match its stated purpose (automatically checking and applying updates); it is coherent, though auto-applying updates has operational risk that users should consider.
- Guidance: This skill is internally consistent for its purpose, but automatic, unattended updates carry operational risk: a malicious or compromised skill could be updated and installed without manual review. Before enabling:
  - Consider using dry-run (clawdhub update --all --dry-run) or enabling notifications only (have the agent report available updates rather than auto-applying).
  - Run the updater under a non-root user and avoid using sudo unless necessary; check permissions for package managers.
  - Keep backups or snapshots of your agent/skill directories so you can roll back bad updates.
  - Limit automatic updates to trusted skills or a curated list if possible, and review changelogs for high-risk skills.
  - If you need stronger assurance, require cryptographic signing or manual approval for critical components before applying updates.

  If you want, I can propose a safer variant of this skill that runs update checks and notifies you, but only applies updates after explicit approval.
Review Dimensions
- Purpose & Capability (ok): Name/description align with the instructions: the SKILL.md only requires running Clawdbot and ClawdHub update commands and scheduling a cron job. There are no unrelated environment variables, binaries, or installs requested.
- Instruction Scope (note): Instructions stay within update/setup scope (create a script in ~/.clawdbot, run package-manager or source update commands, run clawdhub update --all, schedule a cron job). Note: the script reads/writes files in the user's home (~/.clawdbot) and invokes global package managers and Clawdbot/ClawdHub commands — expected for an updater but means it will modify installed software without further checks.
- Install Mechanism (ok): No install spec or external downloads; the skill is instruction-only, so nothing is written to disk by the registry install process beyond the user-initiated script/cron it tells the agent to create.
- Credentials (ok): No credentials or environment variables are requested. The actions operate on local files and package managers; the required filesystem and package-manager permissions are proportionate to an auto-updater.
- Persistence & Privilege (note): The skill recommends creating a persistent cron job and a helper script under the user's home (~/.clawdbot). It does not request always: true and does not change other skills' configs, but it does grant automatic, recurring permission to update all installed skills if installed as described.
