Auto Updater.Disabled

This SKILL.md implements a legitimate auto-update flow, but you should be cautious before enabling automatic, unattended updates. What to check before installing: - Metadata mismatches: confirm the skill slug/owner in the registry match the included _meta.json and that the source is trustworthy. - Verify tools exist: the instructions assume 'clawdbot' and 'clawdhub' (and possibly npm/pnpm/bun). The skill metadata should declare these; if they aren't present the setup will fail. - Prefer dry-runs and manual approval: schedule checks (clawdhub update --all --dry-run) or have the cron only report available updates rather than auto-applying them. Automatic apply means code from the registry will run on your system without per-update review. - Restrict permissions: run the updater as a non-root, unprivileged user where possible to limit the blast radius if a malicious update is applied. - Add verification: if your environment supports package signing or checksums, require verification before applying updates; consider pinning critical skills. - Backup & logging: ensure the script's logs and a rollback plan exist (e.g., snapshots or the ability to reinstall a previous version). If you want a safer default, ask the skill (or author) to change the setup to: (1) perform daily checks and notify with a summary, (2) require an explicit 'apply updates' action from you, or (3) default to dry-run and provide an opt-in flag to auto-apply.