Back to skill
Skillv1.0.0
VirusTotal security
Auto Updater 1 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 22, 2026, 3:26 AM
- Hash
- 973bac68e852c4b80c2a7e5e8efe3adb20b71c971ce8768be2df081c50014b9d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: auto-updater-1 Version: 1.0.0 The skill automates system-wide updates and establishes persistence via cron jobs, which are high-risk behaviors. It provides instructions for the agent to execute shell commands that update global packages (via npm, pnpm, or bun) and the core system (via 'clawdbot doctor --yes'), as detailed in SKILL.md and references/agent-guide.md. While these actions are aligned with the stated purpose of an auto-updater and include transparent reporting to the user, the requirement for broad system access, automated fetching of external code, and the creation of persistent scripts (~/.clawdbot/scripts/auto-update.sh) meet the threshold for a suspicious classification due to the inherent security risks involved.
- External report
- View on VirusTotal