Trust Assessment
auto-updater received a trust score of 80/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Automatic installation of unpinned dependencies, Skill requires broad system-level write permissions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Automatic installation of unpinned dependencies The skill's documentation describes updating 'clawdbot' using '@latest' tags for 'npm', 'pnpm', and 'bun', and updating all skills using 'clawdhub update --all'. This means the skill will automatically fetch and install the newest available versions without specific version pinning. If a malicious update is published for 'clawdbot' or any installed skill, this skill will automatically install it, leading to a supply chain compromise. Implement version pinning for 'clawdbot' and skills. Instead of 'clawdbot@latest', specify a major/minor version (e.g., 'clawdbot@^2.0.0'). For 'clawdhub update', consider options for more controlled updates or manual review, or at least a mechanism to roll back. | LLM | SKILL.md:39 | |
| MEDIUM | Skill requires broad system-level write permissions The skill's core functionality involves updating system-wide packages (Clawdbot) and installed skills. This necessitates broad write access to system directories (e.g., global npm packages, skill installation paths). While necessary for its operation, this level of access means that if the skill itself were compromised or contained malicious code, it could perform arbitrary system modifications, leading to significant system integrity risks. The documentation explicitly mentions 'Ensure the Gateway user can write to skill directories.' While broad permissions are required for this skill's function, consider implementing the principle of least privilege where possible. For example, ensure the skill runs with the minimum necessary user privileges. Implement robust integrity checks for updates. Consider sandboxing mechanisms if available in the Clawdbot ecosystem. | LLM | SKILL.md:39 |
Scan History
Embed Code
[](https://skillshield.io/report/7c58552d60ad5b06)
Powered by SkillShield