skill-upgrade-checker

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If confirmed, the agent can change which skill versions are installed, which may affect future agent behavior.

Why it was flagged

The skill can run CLI update commands that modify installed skills, but it requires an explicit confirmation step before doing so.

Skill content

Then ask: "Planned action: upgrade **N** skill(s)..." ... For each confirmed skill, in sequence: 1. Run `clawhub update <skill-slug>`

Recommendation

Review the exact update list and commands before confirming; avoid approving `all` unless you are comfortable with every listed upgrade.

What this means

Update actions will be performed using the currently authenticated ClawHub account.

Why it was flagged

The skill relies on the user's logged-in ClawHub CLI session for registry access and updates.

Skill content

Authentication: Run `clawhub login` in advance. The clawhub CLI stores credentials in its own default config path

Recommendation

Make sure the CLI is logged into the intended account and has only the permissions you are comfortable using for skill updates.

What this means

A user relying only on registry preflight metadata may not realize the skill needs an authenticated ClawHub CLI until reading the skill instructions.

Why it was flagged

The registry-level requirements do not advertise the `clawhub` binary/login dependency that SKILL.md and _meta.json disclose, which may make setup requirements less visible before installation.

Skill content

Required binaries (all must exist): none ... Primary credential: none

Recommendation

Confirm `clawhub` is installed and logged in before use; maintainers should align registry requirement declarations with the skill's documented prerequisites.