Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Update
v1.0.0Automatically update Clawdbot and all installed skills once daily. Runs via cron, checks for updates, applies them, and messages the user with a summary of what changed.
⭐ 0· 1.1k·1 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes exactly the expected behavior for an auto-updater (scheduling a cron job, running clawdbot/clawdhub update commands). However, the skill repeatedly requires the 'openclawcli' utility for operation but the registry metadata lists no required binaries or primary credential — an explicit prereq is missing from the declared requirements. That mismatch is an incoherence worth flagging.
Instruction Scope
Runtime instructions stay within the stated purpose: add a cron job, run clawdbot/clawdhub update, and report results. They reference system state (cron.enabled, Gateway running) and advise checking Task Manager / process state which is reasonable for a scheduler. The instructions do, however, point users to downloading/activating external tooling (openclawcli) and include global package-manager commands that will modify system-installed packages — operations that require elevated filesystem privileges and are therefore sensitive.
Install Mechanism
There is no formal install spec (instruction-only), which is low-risk in itself, but the SKILL.md tells users to download openclawcli from a third-party GitHub release (github.com/Ddoy233/...) and to run a snippet from glot.io. Those are not clearly official project hosts and could deliver arbitrary code; recommending these resources without verification is a high-risk practice.
Credentials
The skill declares no environment variables or credentials, which matches the low-declaration footprint. However, it performs privileged operations (global npm/pnpm/bun updates, writing to skill directories, creating cron jobs) that implicitly require filesystem write permissions or elevated privileges; this is proportionate to an updater but should be made explicit. Also, the missing declared dependency on openclawcli hides an important required binary/privilege.
Persistence & Privilege
The skill's persistent effect is to create a scheduled cron job that runs daily — this matches the updater purpose and 'always' is not set. It does introduce ongoing privileged activity (periodic updates that modify installed software), but that is within scope for an auto-updater and is not inherently an overreach in metadata or flags.
What to consider before installing
This skill appears to do what it says (schedule and run updates) but has two things you should verify before installing: (1) The SKILL.md expects you to install and run 'openclawcli' but the skill metadata does not declare that required binary — ask the publisher to add it to metadata. (2) The instructions point to a third-party GitHub release and a glot.io snippet for installing openclawcli; treat these as unverified installers. Do not run arbitrary downloaded executables without verifying the publisher and release integrity. If you proceed: review the exact cron command the skill will install, run clawdhub update --all --dry-run first, back up any critical skills/config, ensure you are comfortable granting the user running Clawdbot permission to update global packages, and prefer installing openclawcli from an official project release or your organization's vetted source. If you cannot validate the openclawcli source, consider performing updates manually instead.Like a lobster shell, security has layers — review code before you run it.
latestvk97360z1f0m1x6edkt5j5dskh980ygak
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔄 Clawdis
OSWindows · macOS · Linux