Trust Assessment
auto-updater received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are "Automated installation of code from external registries without integrity checks" (critical) and "Skill requires excessive system-level permissions" (high).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Automated installation of code from external registries without integrity checks | The skill's primary function is to automatically update Clawdbot and all installed skills by pulling the `@latest` versions from external package registries (npm, pnpm, bun) and the `clawdhub` registry. This process is automated via a daily cron job. If any of these external registries or the packages hosted on them are compromised (e.g., through a malicious new version or typosquatting), the skill will automatically download and install potentially malicious code onto the system without user intervention or explicit integrity verification. This creates a critical supply chain vulnerability, allowing an attacker to distribute malware through a compromised package. | Implement robust integrity checks (e.g., cryptographic signatures, checksums) for all downloaded packages before installation. Pin dependencies to specific, verified versions rather than relying on `@latest` to prevent automatic installation of potentially compromised new versions. Require manual approval for significant updates or provide a mechanism for users to review changes before applying. | LLM | SKILL.md:30 |
| HIGH | Skill requires excessive system-level permissions | The skill's core functionality involves performing system-wide updates of Clawdbot and all other installed skills. This requires executing commands such as `npm update -g`, `pnpm update -g`, `bun update -g`, and `clawdhub update --all`. These operations demand elevated privileges (e.g., root or equivalent) to modify global package installations and write access to all skill directories. Automating such broad access via a cron job significantly increases the attack surface, as a compromised skill could leverage these permissions to install malicious software, tamper with other skills, or modify core system components. | Review the necessity of global updates and broad filesystem access. Consider implementing a more granular permission model or sandboxing for skill execution. Implement strict integrity checks and user confirmation before applying updates that require elevated privileges. | LLM | SKILL.md:30 |
Full report: [https://skillshield.io/report/e1ed3529210da9be](https://skillshield.io/report/e1ed3529210da9be)
Powered by SkillShield