Security audit

Smart Updater

Security checks across malware telemetry and agentic risk

Overview

Smart Updater matches its update-management purpose, but it has enough authority to replace installed OpenClaw code from a mirror and force updates that users should review it carefully before installing.

Install only if you want this skill to scan your OpenClaw installation and have upgrade authority over skills, extensions, and core components. Use explicit manual invocations, review each proposed asset and changelog before approving, keep backups, and treat SkillHub mirror-based upgrades or any future auto-upgrade/cron mode as higher risk unless you are comfortable with unattended code changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The README advertises very broad natural-language triggers like "Check for updates" and "What's installed?" without any clear invocation boundary or namespace. In an agent ecosystem, this can cause accidental skill activation during ordinary conversation, leading the agent to enumerate installed software or begin update workflows in contexts the user did not explicitly intend.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The activation guidance is broad enough to match common conversation about updates, installed software, versions, or periodic checks, which could cause the skill to activate in situations the user did not intend. Because this skill can enumerate installed assets, access network sources, and later perform upgrades, overbroad triggering expands the attack surface and increases the chance of unauthorized or surprising execution paths.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The PRD introduces optional unattended patch auto-upgrades for software, extensions, and core components without clearly requiring explicit opt-in warnings, scope limits, or failure-handling guarantees. In an updater skill, unattended system changes materially increase the chance of unexpected code changes, breakage, or supply-chain exposure, especially because this skill manages multiple asset sources and can invoke package managers and git updates.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal