Self-Modification
High
- Category
- Rogue Agent
- Content
- `clawdbot --version` - `clawdhub list` (skills + versions) 2) Update skills - `clawdhub update --all` 3) (Optional) Update Clawdbot
- Confidence
- 96% confidence
- Finding
- Update skill
Security audit
Security checks across malware telemetry and agentic risk
This skill is transparent about auto-updating, but it sets up persistent unattended jobs that can update all installed skills and optionally update or restart Clawdbot.
Review before installing. Replace all paths and the Telegram recipient, prefer report-only checks first, require manual approval before updating Clawdbot or restarting services, and confirm you know how to list, pause, or delete the Gateway cron job.
- `clawdbot --version` - `clawdhub list` (skills + versions) 2) Update skills - `clawdhub update --all` 3) (Optional) Update Clawdbot
- `clawdhub update --all` 3) (Optional) Update Clawdbot - Only if the owner explicitly wants self-updates. - After updating, run `clawdbot doctor --non-interactive`. - Restart gateway if required.
- **Timezone field:** in Gateway job objects this is `schedule.tz` (IANA tz like `Europe/Stockholm`). - **Delivery:** Prefer explicit `channel` + `to` so the job always reaches you. - **Clawdbot self-update:** can be disruptive (restarts). Run at a quiet time. ## Troubleshooting
64/64 vendors flagged this skill as clean.
No suspicious patterns detected.