ClawHub

Auto Updater.Local

Security checks across malware telemetry and agentic risk

Overview

This skill openly sets up automatic daily updates, but it can change Clawdbot and every installed skill without per-update approval.

Install only if you intentionally want Clawdbot and every installed skill to update automatically on a schedule. Prefer manual or dry-run updates, pin or allowlist trusted sources where possible, review update summaries, avoid unnecessary admin privileges, and confirm you know how to remove the cron job before enabling it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly configures unattended daily updates for both the core bot and all installed skills, which can make file and system changes without contemporaneous user review. This increases supply-chain and operational risk: a bad upstream release, compromised registry package, or breaking update could be automatically pulled and applied on a schedule, and the documentation does not prominently warn users about those risks or recommend safeguards such as staging, pinning, or confirmation before apply.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The guide instructs users to configure unattended updates that will modify the installed bot and its skills on a schedule, but it does not prominently warn that this enables ongoing automatic code changes from external sources. In a security-sensitive agent environment, silent background updates increase supply-chain and operational risk because new code can be introduced without review, testing, or explicit user approval at execution time.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The cron job runs update and migration actions automatically, including `clawdbot doctor --yes`, which suppresses confirmation and may apply system-affecting fixes or migrations without supervision. This is more dangerous in context because the task is scheduled, isolated, and delivered automatically, creating a durable mechanism for repeated unattended modification of the runtime and installed components.

Self-Modification

High
Category
Rogue Agent
Content
# Capture new version
CLAWDBOT_VERSION_AFTER=$(clawdbot --version 2>/dev/null || echo "unknown")

# Update skills
log "Updating skills via ClawdHub..."
SKILL_OUTPUT=$(clawdhub update --all 2>&1) || true
echo "$SKILL_OUTPUT" >> "$LOG_FILE"
Confidence
97% confidence
Finding
Update skill

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal