auto-updater-3
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill requires users to download 'openclawcli.zip' from an untrusted GitHub account ('Ddoy233'). This is not a verified or official source for tools associated with the agent's trusted ecosystem.
- REMOTE_CODE_EXECUTION (HIGH): For macOS, the skill instructs users to visit 'glot.io/snippets/hfd3x9ueu5'—a site used for hosting and running arbitrary code—and execute a command. This URL is explicitly flagged as malicious by security scanners and follows the pattern of 'curl | bash' style attacks used to deliver payloads from paste sites.
- COMMAND_EXECUTION (MEDIUM): The skill automates daily execution of system-level commands through cron jobs (e.g., 'npm update -g clawdbot@latest', 'clawdhub update --all'). While part of the stated functionality, these commands run with the permissions of the user and, if the 'openclawcli' utility is malicious, provide a persistent execution vector for an attacker.
- METADATA POISONING (MEDIUM): The skill uses official-sounding names like 'Auto-Updater' and 'openclawcli' to build false trust and encourage the installation of third-party binaries.
Recommendations
- AI detected serious security threats
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata