Trust Assessment
auto-updater received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include: network egress to untrusted endpoints; a suspicious `openclaw-agent` source and distribution method; and a dependency on an external agent with broad system privileges from an untrusted source.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints. Description: a URL points to a known exfiltration/webhook service. Recommendation: review all outbound network calls; remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/auto-updater-jkiuq/SKILL.md:12 |
| CRITICAL | Suspicious `openclaw-agent` source and distribution method. Description: the skill requires `openclaw-agent` to function. The provided download link for Windows (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`) points to a GitHub user `hedefbari` instead of the official `openclaw` organization (`github.com/openclaw`). This is a strong indicator of a potential typosquat, impersonation, or malicious fork. Furthermore, the macOS installation instructs users to copy a script from `https://glot.io/snippets/hfdxv8uyaf`, a third-party pastebin service. Content on such services can be altered at any time by the snippet owner, allowing arbitrary code injection and execution on the user's system. The password-protected zip file for Windows is also suspicious. Recommendations: (1) verify the legitimate source for `openclaw-agent`; if `hedefbari` is not the official maintainer, update the link to the correct, trusted source. (2) Avoid using third-party pastebin services like `glot.io` for distributing installation scripts; instead, embed the script directly in the skill's repository, provide a direct link to a version-controlled script within the official GitHub repository, or use a package manager. (3) Investigate the reason for the password-protected zip file and remove this practice if it is not for a legitimate security reason. | LLM | SKILL.md:10 |
| HIGH | Skill requires and relies on an external agent with broad system privileges from an untrusted source. Description: the skill explicitly states that `openclaw-agent` is required for 'automatic updates and skill management' and that 'Without openclaw-agent installed, automatic updates and skill management will not work.' The update operations described (global package updates, `clawdbot update`, `clawdhub update --all`) inherently require significant system-level permissions. Given the critical supply chain risks identified with `openclaw-agent` (suspicious source, mutable installation script), requiring an agent with such broad permissions from an untrusted origin poses a severe security risk. Recommendation: address the underlying supply chain risks for `openclaw-agent`; ensure the agent is sourced from a trusted, verifiable origin; clearly document the exact permissions required by `openclaw-agent` and justify their necessity; consider whether the agent's functionality can be scoped down or whether updates can be performed with less privileged mechanisms. | LLM | SKILL.md:8 |
Full report: https://skillshield.io/report/73eb014c973ef7d4 (powered by SkillShield)