OpenClaw Updater (LinZ)

Security checks across malware telemetry and agentic risk

Overview

This updater mostly matches its stated purpose, but it can repeatedly change the OpenClaw installation without per-run confirmation, so it should be reviewed before use.

Install only if you trust this publisher and want this skill to modify OpenClaw itself. Prefer `--dry-run` or manual updates, avoid enabling cron unless unattended updates are acceptable, avoid sudo where possible, and review or delete local backups if your OpenClaw workspace contains private data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium, 71% confidence
Finding
The updater archives `.openclaw/workspace` in addition to configuration, which gives the update mechanism access to potentially sensitive user data unrelated to installing software. Even though the archive stays local in this script, this broad data access violates least privilege and creates unnecessary exposure if backups are later read, mishandled, or compromised.

Vague Triggers

Medium, 84% confidence
Finding
The trigger phrase list includes generic phrases like 'check for updates' that could match unrelated user intent and invoke a system-modifying updater unexpectedly. In a skill that can install packages globally and schedule recurring updates, overly broad activation increases the risk of unintended execution and user surprise.

Missing User Warnings

Medium, 90% confidence
Finding
The auto-update instructions describe cron-based unattended execution that can modify the system on a recurring basis without emphasizing per-run confirmation or clear user warning. This is dangerous because it normalizes persistent, unsupervised package installation, which can cause unexpected changes, breakages, or amplified impact if the update source is compromised.

VirusTotal

65/65 vendors flagged this skill as clean.
