auto-updater
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Skill Management and File Operations: The skill is designed to manage the local environment by reading and writing to directories such as
~/.claude/skills/. While this involves significant permissions, it is used for the intended purpose of updating and backing up installed skills. - External Content Retrieval: The skill interacts with remote registries to fetch commit SHAs and updated content. This is a functional requirement for checking for new versions, and the skill implements strict immutable SHA pinning to prevent the use of mutable tags.
- Security Verification Framework: A comprehensive security logic called the 'GlassWorm gate' is included, which mandates re-scanning new versions of skills before installation to detect potential security regressions or 'poisoned' updates.
- Indirect Prompt Injection Mitigation: The skill acknowledges the risk of processing attacker-controlled text from remote repositories. It specifies that these scans should be performed in a restricted, read-only subagent environment to prevent malicious instructions in an update from influencing the primary agent.
- Privilege Escalation Monitoring: The update process explicitly flags changes to sensitive files like
hooks/hooks.jsonor.mcp.json, as well as expansions inallowed-tools. This ensures that any change in the skill's permission surface is reviewed by a human.
Audit Metadata