auto-updater
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Configures a persistent daily cron job via the
clawdbot crontool to automate maintenance tasks. - [COMMAND_EXECUTION]: Executes shell commands and package managers (
npm,pnpm,bun) to upgrade global system packages and the agent's core binary. - [EXTERNAL_DOWNLOADS]: Connects to remote software registries to fetch and install updates for the agent and its skills.
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface (Category 8) where the agent processes and summarizes output from external tools like
clawdhub, though the risk is minimal and consistent with the skill's administrative purpose.
Audit Metadata