Trust Assessment
auto-updater received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Execution of untrusted script from third-party pastebin, Download of unverified executable from specific GitHub user.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/auto-updater-5buwl/SKILL.md:12 | |
| CRITICAL | Execution of untrusted script from third-party pastebin The skill instructs macOS users to copy and paste an installation script from `glot.io`, a third-party pastebin service, directly into their terminal. This is a severe supply chain risk as the content of the script is unknown, unverified, and could change at any time, potentially leading to arbitrary command execution on the user's system. Relying on such an ephemeral and untrusted source for critical system setup is highly dangerous. Provide a signed, verified installation script directly within the skill package, or link to a trusted, version-controlled source (e.g., a specific commit on a GitHub repository) with clear instructions for verification (e.g., checksums). Avoid instructing users to execute code from pastebin services. | LLM | SKILL.md:17 | |
| HIGH | Download of unverified executable from specific GitHub user The skill instructs Windows users to download an executable (`openclaw-agent.zip`) from a specific user's GitHub repository (`hedefbari`). While GitHub is a generally trusted platform, relying on a specific user's repository for a critical system utility introduces a supply chain risk. If the `hedefbari` account or repository is compromised, malicious software could be distributed. The executable is also password-protected, which adds a layer of obscurity but does not mitigate the fundamental trust issue. Host the `openclaw-agent` executable on an official, verified domain controlled by the project. Provide checksums or digital signatures for verification. Clearly document the purpose and permissions required by `openclaw-agent`. | LLM | SKILL.md:14 | |
| HIGH | Skill requires broad system-level write permissions The core functionality of this 'auto-updater' skill involves updating the Clawdbot framework itself and all installed skills. This inherently requires broad write access to system directories where Clawdbot and skills are installed, as well as the ability to execute package manager commands (`npm`, `pnpm`, `bun`) and custom `clawdbot`/`clawdhub` commands, potentially with elevated privileges. The documentation explicitly mentions 'Ensure the Gateway user can write to skill directories.' While necessary for its function, this level of access, if compromised, could allow a malicious actor to modify or delete arbitrary system files, install malicious software, or escalate privileges. Implement a robust sandboxing or least-privilege execution model for skills. If not possible, clearly document the security implications of granting such broad permissions and provide mechanisms for users to review and approve updates before they are applied. Ensure the `openclaw-agent` and `clawdbot` framework itself are highly secure and regularly audited. | LLM | SKILL.md:88 |
Scan History
Embed Code
[](https://skillshield.io/report/dfb8892637ea1b99)
Powered by SkillShield