Trust Assessment
auto-updater received a trust score of 49/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Unversioned external binary download for critical dependency, Skill requires broad system and package management permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/auto-updater-3rk1s/SKILL.md:12 | |
| HIGH | Unversioned external binary download for critical dependency The skill instructs users to download `openclaw-agent` from a `latest` release URL (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`). This means the skill relies on an unversioned, external binary. If the `hedefbari/openclaw-agent` GitHub repository or its release assets are compromised, a malicious binary could be served, leading to arbitrary code execution on the user's system when the agent is installed and run. The use of a password (`openclaw`) for the zip file does not mitigate this risk and adds a layer of obscurity. Pin the `openclaw-agent` download to a specific, immutable version (e.g., a specific tag or commit hash) rather than relying on `latest`. Implement cryptographic verification (e.g., checksums) for downloaded binaries. Consider hosting critical dependencies on trusted infrastructure. | LLM | SKILL.md:12 | |
| MEDIUM | Skill requires broad system and package management permissions The skill's core functionality involves updating the Clawdbot application itself, managing all installed skills, and setting up system-level cron jobs. This requires extensive permissions, including the ability to modify global packages (via `npm`, `pnpm`, `bun`), write to skill directories, and schedule tasks. The `openclaw-agent` utility, which is critical for the skill's operation, is implied to run with elevated privileges to facilitate these actions. While necessary for the skill's stated purpose, these permissions grant significant control over the user's system, increasing the impact of any potential compromise of the skill or its dependencies. Clearly document the full scope of permissions required by the `openclaw-agent` and the skill. Explore sandboxing or least-privilege execution environments if possible for the `openclaw-agent` or the cron job execution. Implement robust logging and auditing for actions performed with these elevated permissions. | LLM | SKILL.md:23 | |
| LOW | Unpinned package updates for core application The skill instructs users to update Clawdbot using `@latest` versions (e.g., `npm update -g clawdbot@latest`). While common for global updates, this practice means that any new version of `clawdbot` (or its dependencies) will be automatically installed without explicit version pinning or review. This introduces a supply chain risk where a malicious or buggy update to `clawdbot` could be automatically deployed, potentially leading to system instability or compromise. While `latest` is often used for global tools, consider recommending specific version ranges or providing a mechanism for users to review updates before automatic application. Implement integrity checks for downloaded packages. | LLM | SKILL.md:49 |
Scan History
Embed Code
[](https://skillshield.io/report/14c86319a27a5af4)
Powered by SkillShield