Trust Assessment
auto-updater received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include Skill requires and executes broad system commands, Automatic installation of unpinned latest versions from external registries.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill requires and executes broad system commands The skill's core functionality involves executing shell commands such as `npm update -g`, `pnpm update -g`, `bun update -g`, `clawdbot update`, `clawdbot doctor`, and `clawdhub update --all`. It also sets up cron jobs using `clawdbot cron add`. These operations require and exercise broad system permissions, including global package management and task scheduling. While necessary for an auto-updater, this capability presents a high-risk attack surface if the skill or its dependencies were compromised, potentially leading to arbitrary command execution or system modification. Implement strict input validation and sanitization if any part of the commands were to be dynamically constructed from untrusted input. Ensure the execution environment for cron jobs is as least-privileged as possible. Regularly audit the skill's code for vulnerabilities and adhere to the principle of least privilege. | LLM | SKILL.md:29 | |
| HIGH | Automatic installation of unpinned latest versions from external registries The skill is designed to automatically update `clawdbot` and other skills by fetching the 'latest' versions from external package registries (e.g., `npm update -g clawdbot@latest`, `clawdhub update --all`). This process occurs without explicit version pinning or human review, making the system vulnerable to supply chain attacks. If a malicious or compromised update is published to `npm` or the `clawdhub` registry, this skill would automatically download and execute it, potentially compromising the entire system. Implement version pinning for all dependencies to prevent automatic installation of potentially malicious or breaking updates. Consider a manual review process or a delayed update mechanism for critical components. Implement cryptographic verification of package integrity where possible. | LLM | SKILL.md:47 |
Scan History
Embed Code
[](https://skillshield.io/report/5a5787ada6fabdf5)
Powered by SkillShield