auto-updater

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • Skill Management and File Operations: The skill is designed to manage the local environment by reading and writing to directories such as ~/.claude/skills/. While this involves significant permissions, it is used for the intended purpose of updating and backing up installed skills.
  • External Content Retrieval: The skill interacts with remote registries to fetch commit SHAs and updated content. This is a functional requirement for checking for new versions, and the skill implements strict immutable SHA pinning to prevent the use of mutable tags.
  • Security Verification Framework: A comprehensive security logic called the 'GlassWorm gate' is included, which mandates re-scanning new versions of skills before installation to detect potential security regressions or 'poisoned' updates.
  • Indirect Prompt Injection Mitigation: The skill acknowledges the risk of processing attacker-controlled text from remote repositories. It specifies that these scans should be performed in a restricted, read-only subagent environment to prevent malicious instructions in an update from influencing the primary agent.
  • Privilege Escalation Monitoring: The update process explicitly flags changes to sensitive files like hooks/hooks.json or .mcp.json, as well as expansions in allowed-tools. This ensures that any change in the skill's permission surface is reviewed by a human.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 09:46 PM
Security Audit — agent-trust-hub — auto-updater