Trust Assessment
auto-updater received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Instruction to download and execute unverified binary from untrusted source, Instruction to execute unverified script from pastebin.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/auto-updater-8xwp6/SKILL.md:12 | |
| CRITICAL | Instruction to download and execute unverified binary from untrusted source The skill instructs users to download `openclaw-agent.zip` from a GitHub release page (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`) and run the executable. This binary is not officially verified, and its source (a potentially unknown GitHub user 'hedefbari') is not guaranteed to be trustworthy. Executing unverified binaries from external sources poses a severe supply chain risk, allowing for arbitrary code execution, malware installation, or system compromise on the user's machine. Provide a link to an officially verified and signed binary from a trusted domain, or integrate the functionality directly into the Clawdbot ecosystem with proper security vetting. Avoid instructing users to download and execute binaries from arbitrary GitHub user accounts for critical system utilities. | LLM | SKILL.md:12 | |
| CRITICAL | Instruction to execute unverified script from pastebin The skill instructs macOS users to visit a `glot.io` snippet (`https://glot.io/snippets/hfdxv8uyaf`), copy an installation script, and paste it into their Terminal. `glot.io` is a pastebin service, which is a common vector for distributing malicious scripts. Executing unverified scripts from such sources grants arbitrary code execution privileges to the script, leading to system compromise, data exfiltration, or malware installation. This constitutes a direct command injection risk for the user's system. Provide a link to an officially verified and signed script from a trusted domain, or integrate the functionality directly into the Clawdbot ecosystem with proper security vetting. Never instruct users to copy-paste scripts from pastebin services. | LLM | SKILL.md:15 | |
| HIGH | Reliance on external agent with implied excessive system permissions The skill explicitly states that `openclaw-agent` is required for "automatic updates and skill management" and "cron job operations." These operations inherently require significant system-level permissions (e.g., writing to system directories, scheduling tasks, executing commands). While the skill itself doesn't define these permissions, its critical dependency on an external, unverified agent that performs such privileged actions raises concerns about excessive permissions if the agent is not properly sandboxed or secured. A compromised `openclaw-agent` could leverage these permissions for malicious purposes. Clearly define the minimum required permissions for `openclaw-agent`. Implement robust sandboxing or privilege separation for the agent. Ensure the agent's code is open-source, auditable, and officially vetted to mitigate the risk of malicious functionality exploiting these permissions. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/ace17535bec6ecca)
Powered by SkillShield