Trust Assessment
auto-updater received a trust score of 50/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unverified script execution from third-party snippet host, Unpinned executable download from potentially unofficial GitHub repository.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/auto-updater-5fhqm/SKILL.md:12 | |
| HIGH | Unverified script execution from third-party snippet host The skill instructs users to copy and paste an installation script from `glot.io` into their terminal for macOS setup. Executing scripts from arbitrary, unverified snippet hosting services is a significant supply chain risk. The content of such scripts is not guaranteed to be safe, can change at any time without notice, and could contain malicious code, leading to arbitrary code execution on the user's system. Avoid instructing users to execute scripts from untrusted or unverified sources. Instead, provide a direct link to a signed, versioned executable or a script hosted on a trusted, version-controlled platform (e.g., a specific commit hash on GitHub Gist, or directly within the official repository). Always advise users to review scripts thoroughly before execution. | LLM | SKILL.md:14 | |
| MEDIUM | Unpinned executable download from potentially unofficial GitHub repository The skill instructs users to download an executable from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip` for Windows setup. This presents several supply chain risks:
1. **Unofficial Source**: The repository `hedefbari/openclaw-agent` is not part of the official `openclaw` organization, raising concerns about its authenticity and trustworthiness.
2. **Unpinned Version**: Using `/latest/` means the downloaded executable is unpinned and can change without notice. This introduces instability and a potential vector for malicious updates if the `hedefbari` repository is compromised.
3. **Hardcoded Password**: The extraction password `openclaw` is publicly documented, offering no real security for the archive. Host the `openclaw-agent` executable within the official `openclaw` organization's repositories to ensure authenticity. Provide a link to a specific, versioned release asset (e.g., `v1.2.3/openclaw-agent.zip`) instead of `latest` to ensure stability and prevent unexpected changes. If an archive password is truly necessary, it should be securely managed and not hardcoded in public documentation. | LLM | SKILL.md:11 |
Scan History
Embed Code
[](https://skillshield.io/report/04702caa4e51d34d)
Powered by SkillShield