Trust Assessment
auto-updater received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 0 high, 1 medium, and 0 low severity. Key findings include "Network egress to untrusted endpoints", "Untrusted executable download required for skill functionality", and "Untrusted script execution required for skill functionality".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** URL pointing to known exfiltration/webhook service. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/auto-updater-p5rmt/SKILL.md:12 |
| CRITICAL | **Untrusted executable download required for skill functionality.** The skill requires users to download and run an executable (`openclaw-agent`) from a third-party GitHub user (`hedefbari`) for Windows. This executable is not hosted by the official `openclaw` or `clawdbot` organizations, making it a significant supply chain risk. The use of a password (`openclaw`) for extraction is also unusual and suspicious. Running arbitrary executables from untrusted sources can lead to arbitrary code execution, data exfiltration, or system compromise. Host `openclaw-agent` executables on official `openclaw` or `clawdbot` infrastructure, sign the executables, and provide cryptographic hashes for verification. Avoid requiring arbitrary executables from unknown third parties. | LLM | SKILL.md:9 |
| CRITICAL | **Untrusted script execution required for skill functionality.** The skill requires users to copy and paste an installation script from `glot.io` (a pastebin-like service) into their Terminal for macOS. Content on `glot.io` can be changed at any time by the author, allowing for dynamic injection of malicious code. Executing arbitrary scripts from untrusted, volatile sources is a severe supply chain risk and can lead to arbitrary code execution, data exfiltration, or system compromise. Provide a stable, officially hosted, and cryptographically verifiable installation method for `openclaw-agent` on macOS. Avoid using pastebin-like services for critical installation steps. | LLM | SKILL.md:11 |
| MEDIUM | **Unpinned dependencies used for critical updates.** The skill uses `@latest` for `npm`, `pnpm`, and `bun` updates (`npm update -g clawdbot@latest`). While this ensures the newest version, it lacks specific version pinning. This introduces a supply chain risk where a compromised registry or a malicious update could introduce breaking changes or vulnerabilities without explicit user review. Consider implementing version pinning or a more controlled update mechanism that allows for review before applying the absolute latest version. For critical system components, a more robust update strategy might be warranted. | LLM | SKILL.md:66 |