Trust Assessment
auto-updater received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are "Skill requires broad system-level update permissions" and "Reliance on unpinned latest versions from external package registries".
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 0676c56a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill requires broad system-level update permissions.** The `auto-updater` skill is designed to update the `Clawdbot` system itself and all installed skills. This involves executing commands like `npm update -g clawdbot@latest`, `clawdbot update`, `clawdbot doctor`, and `clawdhub update --all`. These operations require extensive system-level write permissions, including modifying global packages and skill directories. If this skill were compromised or misused, it could lead to the installation of malicious software, system instability, or data corruption due to its high privilege level. Ensure robust access control and integrity checks for the `clawdbot` and `clawdhub` executables. Implement strong sandboxing or isolation for skill execution environments if possible. Users should be fully aware of the high privileges granted to this skill and only install it from trusted sources. | Unknown | SKILL.md:20 |
| HIGH | **Reliance on unpinned latest versions from external package registries.** The skill's core function is to update `Clawdbot` and other skills to their `@latest` versions using standard package managers (`npm`, `pnpm`, `bun`) and a custom `clawdhub` tool. This approach inherently introduces supply chain risks: (1) **Unpinned Dependencies:** Always updating to `@latest` means there's no specific version pinning, making the system vulnerable if a malicious or buggy version is published to the upstream registry. (2) **External Registry Reliance:** The security and integrity of the `npm` registry (or other package managers) and the `clawdhub` registry are critical. A compromise of these registries could lead to the installation of malicious software onto the system. While updating to `@latest` is the explicit goal of an auto-updater, consider implementing mechanisms for: **Integrity Verification:** Cryptographically verify package integrity (e.g., checksums, signatures) before installation. **Staged Rollouts/Testing:** Introduce a delay or a testing phase before automatically deploying new `@latest` versions to production. **Registry Hardening:** Ensure `clawdhub` and package managers are configured to use secure, trusted registries and protocols. **Monitoring:** Implement robust monitoring for unusual activity or unexpected changes after updates. | Unknown | SKILL.md:55 |