Trust Assessment
auto-updater received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include network egress to untrusted endpoints, `openclaw-agent` sourced from an untrusted GitHub user, and a macOS installation that uses a script from a public snippet service (`glot.io`).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)

| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to known exfiltration/webhook service. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/auto-updater-eclpb/SKILL.md:12 |
| CRITICAL | `openclaw-agent` sourced from untrusted GitHub user | The skill requires `openclaw-agent` for its core functionality, but directs users to download it from `https://github.com/hedefbari/openclaw-agent`. This GitHub user (`hedefbari`) is not the official `openclaw` organization, raising a significant supply chain risk. A malicious agent downloaded from this untrusted source could gain full system access and compromise the entire environment. | Ensure `openclaw-agent` is sourced directly from the official `openclaw` organization or a verified, trusted domain. Avoid third-party GitHub users for critical system components. | LLM | SKILL.md:13 |
| CRITICAL | macOS installation uses script from public snippet service (`glot.io`) | The macOS installation instructions direct users to copy and paste a script from `https://glot.io/snippets/hfdxv8uyaf`. `glot.io` is a public code snippet sharing service where content can be easily modified by the snippet owner. Running arbitrary scripts directly from such services is a severe supply chain risk, allowing for potential arbitrary code execution and system compromise if the snippet is altered maliciously. | Host installation scripts on a trusted, controlled domain (e.g., `docs.clawd.bot`) with proper versioning and integrity checks. Never instruct users to execute scripts directly from public snippet services. | LLM | SKILL.md:16 |
| HIGH | Automatic updates use unpinned "latest" versions | The skill instructs the system to update `clawdbot` and other skills to their `@latest` versions (`npm update -g clawdbot@latest`, `clawdhub update --all`). This means that any new version, including potentially malicious or buggy ones, will be automatically installed without explicit review or version pinning, increasing the risk of introducing vulnerabilities or breaking changes through a compromised upstream package or registry. | Implement version pinning or a review process for updates. Consider a mechanism that allows new versions to be tested in a staging environment before deployment to production, or that at least requires explicit approval for major version bumps. | LLM | SKILL.md:49 |
Full report: https://skillshield.io/report/02d78a01d8d8a32e
Powered by SkillShield