auto-updater

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill generates and runs shell scripts and utilizes package managers to modify the global system state via the agent's environment.
      • Evidence: references/agent-guide.md creates a shell script at ~/.clawdbot/scripts/auto-update.sh and executes it to perform system-level updates.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill is designed to fetch code from external registries (npm and ClawdHub) daily.
      • Evidence: SKILL.md uses npm update -g clawdbot@latest and clawdhub update --all to pull new code from the internet.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): Automated updates result in the background execution of new code that has not been reviewed by the user, creating a vector for supply chain attacks.
      • Severity justification: This is the primary purpose of the skill, so the severity is downgraded from HIGH/CRITICAL to MEDIUM per instructions.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection if updated components (skills or core) provide malicious instructions within their version changelogs or output summaries.
      • Ingestion points: The SKILL_OUTPUT variable in references/agent-guide.md captures stdout from external tools.
      • Boundary markers: None identified; the output is echoed directly into logs and summaries.
      • Capability inventory: The agent has access to npm, pnpm, bun, and clawdbot CLI tools which can modify the system.
      • Sanitization: No sanitization or filtering of the tool output is performed before it is presented back to the agent for formatting.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 05:44 AM