Trust Assessment
auto-updater received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Untrusted script execution from third-party snippet site, Download and execution of unverified third-party executable.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/auto-updater-mclql/SKILL.md:12 | |
| CRITICAL | Untrusted script execution from third-party snippet site The skill instructs macOS users to copy and paste an installation script from `glot.io/snippets/hfdxv8uyaf` into their Terminal. This is a direct instruction to execute arbitrary code from an unvetted, third-party code-sharing platform. The content of this script is unknown and could contain malicious commands, leading to full system compromise if the snippet is compromised or malicious. Do not instruct users to execute scripts from untrusted or unvetted third-party snippet sites. The installation script should be included directly within the skill package, signed, or hosted on a trusted, controlled domain with content review and integrity checks. | LLM | SKILL.md:11 | |
| HIGH | Download and execution of unverified third-party executable The skill instructs Windows users to download and run an executable (`openclaw-agent.zip`) from a specific GitHub user's repository (`github.com/hedefbari/openclaw-agent`). While GitHub is a common platform, downloading and executing binaries from individual user accounts without further verification (e.g., code review, cryptographic signing, trusted organization) poses a significant supply chain risk. The use of the `latest` tag also means the specific version is unpinned, allowing for potential changes without explicit user consent. Provide a more secure distribution method for `openclaw-agent`. This could involve hosting it on a trusted, official domain, providing cryptographic hashes for verification, or integrating it directly into a trusted package manager. Avoid instructing users to download and run executables directly from individual GitHub user releases without strong verification mechanisms. | LLM | SKILL.md:9 | |
| MEDIUM | Use of unpinned 'latest' tag for critical system updates The skill's update instructions for Clawdbot use the `@latest` tag (e.g., `npm update -g clawdbot@latest`). While common for global CLI tools, this practice means that any new version, including potentially breaking or malicious ones (if the package registry or package itself is compromised), will be automatically pulled and installed without explicit version pinning. This increases the risk of unexpected behavior or supply chain attacks. Consider recommending or enforcing version pinning for critical system components. While `latest` is convenient, for automated updates, a more controlled approach (e.g., updating to specific major/minor versions after review) can reduce risk. If `latest` is necessary, ensure robust integrity checks and monitoring are in place for the package source. | LLM | SKILL.md:49 |
Scan History
Embed Code
[](https://skillshield.io/report/ef0cce2d59166855)
Powered by SkillShield