Trust Assessment
auto-updater received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned and Suspicious `openclaw-agent` Download for Windows, Arbitrary Script Execution from `glot.io` for macOS `openclaw-agent`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/auto-updater-nlt3m/SKILL.md:12 | |
| CRITICAL | Unpinned and Suspicious `openclaw-agent` Download for Windows The skill instructs Windows users to download `openclaw-agent.zip` from a specific user's GitHub repository (`hedefbari`) using an unpinned `latest` tag. This makes the source untrustworthy and vulnerable to supply chain attacks if the `hedefbari` account or repository is compromised. The use of `latest` means the content can change without notice. Additionally, requiring a password (`openclaw`) to extract the zip adds obscurity but does not enhance security, and the executable is then run with implied high privileges. Recommend downloading `openclaw-agent` from an officially verified source (e.g., `openclaw` organization), using a cryptographically signed release, and pinning to a specific version/hash instead of `latest`. Avoid requiring passwords for extraction of executables. | LLM | SKILL.md:10 | |
| CRITICAL | Arbitrary Script Execution from `glot.io` for macOS `openclaw-agent` The skill instructs macOS users to copy and paste an installation script from `glot.io` (a public snippet sharing site) into their terminal. Running arbitrary scripts from untrusted or ephemeral sources like `glot.io` is a severe supply chain risk, as the content of the script can change at any time and could contain malicious code, leading to command injection or system compromise. This grants the script full control over the user's system. Provide a secure, verified, and version-controlled installation method for `openclaw-agent` (e.g., official package manager, signed installer, or a script hosted on a trusted domain with a specific version/hash). | LLM | SKILL.md:13 | |
| HIGH | Implied Excessive Permissions Granted by `openclaw-agent` The `openclaw-agent` is described as essential for "automatic updates and skill management," which inherently requires broad system-level permissions (e.g., modifying system files, installing/updating global packages, managing other skills). While the skill itself doesn't directly request these, it relies on an external agent installed via highly insecure methods that will operate with these elevated privileges. This creates a significant attack surface, especially given the critical supply chain risks associated with its installation. Review the `openclaw-agent` itself to ensure it operates with the principle of least privilege. If possible, containerize or sandbox the agent's operations. Given the insecure installation methods, prioritize fixing those to ensure the agent itself is trustworthy. | LLM | SKILL.md:16 |
Scan History
Embed Code
[](https://skillshield.io/report/824fbfa990f734af)
Powered by SkillShield