Back to skill

Security audit

Auto-Updater Skill

Security checks across malware telemetry and agentic risk

Overview

This skill openly performs daily automatic updates, but it can change Clawdbot and every installed skill without review before each update.

Install only if you intentionally want Clawdbot and all installed skills to update automatically on a daily schedule. Before enabling it, consider switching to dry-run or notify-only behavior, limiting updates to trusted skills, avoiding sudo-based fixes, and keeping the documented cron removal command available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The guide explicitly instructs the agent to suggest using sudo to resolve update failures, introducing a privilege-escalation path that is not necessary for the core purpose of scheduling updates. In a security-sensitive automation context, encouraging elevated execution can turn a routine updater into a mechanism for running package and skill updates with root privileges, increasing the blast radius if any updated component is compromised.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill clearly automates recurring software and skill updates via cron, but the description and setup flow do not provide an upfront, explicit warning that it will modify installed software on a scheduled basis. This can cause users to enable persistent self-modifying behavior without fully understanding the scope, which increases supply-chain and stability risk if updates introduce breaking changes or malicious code from upstream sources.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill is designed to perform unattended package and skill updates on a daily schedule, which causes recurring system changes and network activity without an explicit warning, approval boundary, or trust model for fetched content. Because it updates both the main tool and all installed skills, it creates a supply-chain exposure and may surprise users with persistent automated modification of their environment.

Self-Modification

High
Category
Rogue Agent
Content
# Capture new version
CLAWDBOT_VERSION_AFTER=$(clawdbot --version 2>/dev/null || echo "unknown")

# Update skills
log "Updating skills via ClawdHub..."
SKILL_OUTPUT=$(clawdhub update --all 2>&1) || true
echo "$SKILL_OUTPUT" >> "$LOG_FILE"
Confidence
97% confidence
Finding
Update skill

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.