Trust Assessment
auto-updater received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 4 critical, 0 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Execution of untrusted script from public snippet service, Download of executable from potentially malicious or typosquatted GitHub repository.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/auto-updater-2yq87/SKILL.md:12 | |
| CRITICAL | Execution of untrusted script from public snippet service The skill instructs macOS users to copy and paste an installation script from `https://glot.io/snippets/hfdxv8uyaf` into their Terminal. `glot.io` is a public snippet hosting service where content can be easily modified by the snippet owner or if the account is compromised. Executing arbitrary scripts from such sources without prior review is a critical security risk, allowing for arbitrary command injection and system compromise. Do not instruct users to execute scripts from untrusted, mutable sources like `glot.io`. Provide the script directly within the skill package, or link to a version-controlled, immutable source (e.g., a specific commit hash on GitHub). Implement signature verification for scripts. | LLM | SKILL.md:16 | |
| CRITICAL | Download of executable from potentially malicious or typosquatted GitHub repository The skill instructs Windows users to download `openclaw-agent.zip` from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`. The repository `hedefbari/openclaw-agent` is not the official `openclaw/openclaw-agent` (assuming `openclaw` is the official organization based on `Clawdbot` and `ClawdHub`). This could be a typosquatting attempt or a malicious fork. Additionally, using the `latest` tag means the executable can change at any time without explicit user review, posing a significant supply chain risk. Link to the official `openclaw` organization's repository for `openclaw-agent`. Use specific version tags or commit hashes instead of `latest` for executables. Implement checksum verification for downloaded binaries. | LLM | SKILL.md:13 | |
| CRITICAL | Persistent, privileged command execution enabled by cron job and untrusted agent The skill instructs users to configure a daily cron job (`clawdbot cron add`) that will execute system-level update commands (e.g., `npm update -g`, `clawdhub update --all`) via the `openclaw-agent`. Given that the `openclaw-agent` itself is sourced from highly untrusted and mutable locations (as detailed in other findings), this setup creates a critical vulnerability. A compromised `openclaw-agent` would gain persistent, scheduled execution capabilities with the user's privileges, allowing for arbitrary command injection and system compromise without further user interaction. Address the underlying supply chain risks for `openclaw-agent`. Ensure the agent is sourced from a trusted, verified, and immutable location. Implement strict sandboxing for the agent and the commands it executes. Require explicit user confirmation for each update or provide a mechanism for users to review and approve changes before execution. | LLM | SKILL.md:39 |
Scan History
Embed Code
[](https://skillshield.io/report/1f13ce8e60e62060)
Powered by SkillShield