Auto-Updater (Gateway)
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad or breaking upstream skill update could be installed automatically across the user's agent environment.
The workflow updates every installed skill. The artifact does not show allowlisting, version pinning, changelog review, or rollback before accepting upstream changes.
`clawdhub update --all`
Prefer report-only or approval-gated updates, review changelogs, allowlist what may update, and keep a rollback or backup plan.
The assistant runtime could change or restart on its own schedule, causing disruption or adopting unexpected behavior after an update.
The scheduled job message can direct the agent to mutate the core Clawdbot installation and restart the gateway. That is high-impact automation without a per-run confirmation step in the recommended command.
`if Clawdbot has an update available, apply it and restart; then run clawdbot doctor --non-interactive`
Use report-only mode unless you explicitly want unattended self-updates; require manual approval for Clawdbot updates and restarts.
Skill names, versions, paths, errors, and operational details from update reports could be sent to the wrong Telegram recipient.
The recommended delivery command contains a concrete Telegram recipient ID rather than a placeholder. If copied, update reports may go to an unintended account.
`--deliver --channel telegram --to "2095290688" ... report what changed`
Replace the recipient with your own verified destination or remove delivery; avoid sending verbose logs to external channels.
The updater may keep running daily until the cron job is disabled or removed.
The skill intentionally creates a recurring Gateway cron job and can wake it immediately. This is purpose-aligned, but it persists after setup.
`clawdbot cron add ... --cron "0 4 * * *" ... --session isolated ... --wake now`
After setup, verify the cron job list and know how to pause or delete the job before enabling unattended updates.
Updates will run with whatever permissions the logged-in ClawHub account has.
The workflow relies on a logged-in ClawHub CLI session to update skills. This is expected for the stated purpose, and the artifact does not show credential logging or unrelated use.
`clawdhub login --workdir /home/xabo/clawd --dir skills` and `clawdhub whoami`
Confirm the logged-in identity, use least-privilege credentials where possible, and avoid sharing logs that may reveal account or environment details.
