Trust Assessment
clawdbot-update-plus received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 16 findings: 9 critical, 4 high, 3 medium, and 0 low severity. Key findings include: persistence / self-modification instructions; sensitive environment variable access ($HOME); sensitive path access (AI agent config).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (16)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions | Crontab manipulation (list/remove/edit) | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | `skills/hopyky/clawdbot-update-plus/bin/lib/cron.sh:14` |
| CRITICAL | Persistence / self-modification instructions | Crontab manipulation (list/remove/edit) | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | `skills/hopyky/clawdbot-update-plus/bin/lib/cron.sh:18` |
| CRITICAL | Persistence / self-modification instructions | Crontab manipulation (list/remove/edit) | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | `skills/hopyky/clawdbot-update-plus/bin/lib/cron.sh:31` |
| CRITICAL | Persistence / self-modification instructions | Crontab manipulation (list/remove/edit) | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | `skills/hopyky/clawdbot-update-plus/bin/lib/cron.sh:39` |
| CRITICAL | Persistence / self-modification instructions | Crontab manipulation (list/remove/edit) | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | `skills/hopyky/clawdbot-update-plus/bin/lib/cron.sh:47` |
| CRITICAL | Persistence / self-modification instructions | Crontab manipulation (list/remove/edit) | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | `skills/hopyky/clawdbot-update-plus/bin/lib/cron.sh:55` |
| CRITICAL | Persistence / self-modification instructions | Piping content into crontab | Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | `skills/hopyky/clawdbot-update-plus/bin/lib/cron.sh:35` |
| CRITICAL | Command Injection via `eval rsync` with user-controlled excludes | The `create_backup` function in `bin/lib/backup.sh` constructs `rsync` exclude arguments from the `exclude` array within the `backup_paths` configuration. These arguments are then passed to `eval rsync`. If an attacker can modify the `clawdbot-update.json` configuration file, they can inject arbitrary shell commands into the `exclude` array. These injected commands will be executed by `eval`, leading to arbitrary command execution on the system. | Avoid using `eval` with user-controlled input. Instead of building `rsync_args` as a single string, construct an array of arguments (e.g., `rsync_args=('-a')` and then `rsync_args+=("--exclude=$exclude")`). Execute `rsync` with the array: `rsync "${rsync_args[@]}" "$dir_path/" "$tmp_backup_dir/$dir_label/"`. This prevents shell interpretation of the arguments. | LLM | `bin/lib/backup.sh:60` |
| CRITICAL | Command Injection via unsanitized cron schedule | The `install_cron` function in `bin/lib/cron.sh` constructs a cron command string (`cron_cmd`) using `$cron_schedule`, which is taken directly from user input (`$1`). This `cron_cmd` is then written to the user's crontab using `crontab -`. If `$cron_schedule` contains shell metacharacters (e.g., `;`, `&`, `\|`), an attacker can inject and execute arbitrary commands on the system at the scheduled time. | Sanitize the `$cron_schedule` input to ensure it only contains valid cron schedule characters. Implement strict input validation using a regular expression to match the expected cron schedule format. Do not directly concatenate unsanitized user input into commands that are executed by the shell or other interpreters. | LLM | `bin/lib/cron.sh:20` |
| HIGH | Sensitive path access: AI agent config | Access to AI agent config path detected: `~/.clawdbot/`. This may indicate credential theft. | Verify that access to this sensitive path is justified and declared. | Static | `skills/hopyky/clawdbot-update-plus/bin/lib/config.sh:81` |
| HIGH | Persistence mechanism: Crontab modification | Detected Crontab modification pattern. Persistence mechanisms allow malware to survive system restarts. | Review this persistence pattern. Skills should not modify system startup configuration. | Static | `skills/hopyky/clawdbot-update-plus/bin/lib/cron.sh:31` |
| HIGH | Persistence mechanism: Crontab modification | Detected Crontab modification pattern. Persistence mechanisms allow malware to survive system restarts. | Review this persistence pattern. Skills should not modify system startup configuration. | Static | `skills/hopyky/clawdbot-update-plus/bin/lib/cron.sh:55` |
| HIGH | Sensitive path access: AI agent config | Access to AI agent config path detected: `~/.clawdbot/`. This may indicate credential theft. | Verify that access to this sensitive path is justified and declared. | Static | `skills/hopyky/clawdbot-update-plus/bin/lib/restore.sh:109` |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable `$HOME` detected in shell context. | Verify this environment variable access is necessary and the value is not exfiltrated. | Static | `skills/hopyky/clawdbot-update-plus/bin/lib/config.sh:6` |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable `$HOME` detected in shell context. | Verify this environment variable access is necessary and the value is not exfiltrated. | Static | `skills/hopyky/clawdbot-update-plus/bin/lib/restore.sh:154` |
| MEDIUM | Sensitive environment variable access: $HOME | Access to sensitive environment variable `$HOME` detected in shell context. | Verify this environment variable access is necessary and the value is not exfiltrated. | Static | `skills/hopyky/clawdbot-update-plus/bin/lib/utils.sh:48` |
Full report: https://skillshield.io/report/3aa86941e5427dc8