Trust Assessment
auto-updater received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 3 critical, 0 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unverified external executable download from third-party source, Execution of unverified external script from third-party hosting service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/auto-updater-96ys3/SKILL.md:12 | |
| CRITICAL | Unverified external executable download from third-party source The skill instructs Windows users to download and run an executable (`openclaw-agent`) from a GitHub user (`hedefbari`) that is not the official `openclaw` organization. The download URL uses the `latest` tag, meaning the executable's content can change without notice, posing a significant supply chain risk. Running this executable grants it broad system access, making it a critical command injection vector if the `hedefbari` account or repository is compromised or malicious. The password for extraction (`openclaw`) offers no real security. 1. Host `openclaw-agent` executables directly within the `openclaw` organization's official repositories or a trusted, version-controlled artifact repository. 2. Pin the version of `openclaw-agent` to a specific, immutable release tag (e.g., `v1.0.0`) instead of `latest`. 3. Provide cryptographic hashes (e.g., SHA256) for downloaded executables for users to verify integrity. 4. Remove the misleading password protection. | LLM | SKILL.md:10 | |
| CRITICAL | Execution of unverified external script from third-party hosting service The skill instructs macOS users to visit `https://glot.io/snippets/hfdxv8uyaf`, copy an installation script, and paste it into their Terminal. `glot.io` is a third-party code snippet hosting service. The content of this script is not part of the skill package, is not version-controlled by the skill developer, and can be modified at any time by the snippet owner. Executing arbitrary code from an unverified external source is a severe supply chain risk and a direct command injection vulnerability, allowing for arbitrary code execution on the user's system. 1. Include the installation script directly within the skill package, making it auditable and version-controlled. 2. If an external script is absolutely necessary, host it on a trusted, official domain under the developer's control and provide cryptographic hashes for verification. 3. Avoid instructing users to copy-paste arbitrary scripts from third-party snippet services. | LLM | SKILL.md:12 |
Scan History
Embed Code
[](https://skillshield.io/report/6ec7b9a6a1caced1)
Powered by SkillShield