Skills
skills/zkl2333/skills/check-updates/Gen Agent Trust Hub

check-updates

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes openclaw --version and npm show openclaw version to gather version metadata from the local system and the npm registry.
  • [EXTERNAL_DOWNLOADS]: It accesses external data from well-known and trusted sources, specifically the npm registry and GitHub releases, to compare version numbers and fetch changelogs.
  • [REMOTE_CODE_EXECUTION]: The skill includes functionality to execute a system update via gateway action=update.run. This is the primary intended purpose of the skill and is documented to occur only after user confirmation.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data from changelogs and release notes via web_search.
  • Ingestion points: Fetches changelog content from web search results or GitHub releases.
  • Boundary markers: None explicitly defined for the external content.
  • Capability inventory: Includes execution of version checks and system updates.
  • Sanitization: Not explicitly mentioned, however, the update process is gated by user confirmation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 09:30 AM