Scan Report
5 /100
openclaw-auto-updater-litiao
Schedule automatic OpenClaw and skill updates with reliable cron templates, timezone-safe scheduling, and clear summary outputs.
This is a legitimate OpenClaw auto-updater skill that schedules updates via the documented `openclaw cron add` CLI command with no hidden scripts, credential access, or exfiltration behavior.
Safe to install
Approve for use. The skill is a pure documentation-and-CLI-invocation package with no executable code beyond the documented `openclaw` and `clawdhub` commands.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Shell | READ | READ | ✓ Aligned | SKILL.md documents openclaw cron add / clawdhub update --all CLI invocations; no… |
| Filesystem | READ | READ | ✓ Aligned | Skill contains only markdown documentation; agent-guide.md describes an optional… |
| Network | READ | READ | ✓ Aligned | Only openclaw/clawdhub update commands (inherent to their function), no raw IP r… |
| Environment | NONE | NONE | — | No environment variable access found in any file |
| Skill Invoke | NONE | NONE | — | No inter-skill invocation documented or found |
| Clipboard | NONE | NONE | — | No clipboard access found |
| Browser | NONE | NONE | — | No browser access found |
| Database | NONE | NONE | — | No database access found |
File Tree
4 files · 7.6 KB · 305 lines Markdown 3f · 300L
JSON 1f · 5L
├─
▾
references
│ ├─
agent-guide.md
Markdown
│ └─
summary-examples.md
Markdown
├─
_meta.json
JSON
└─
SKILL.md
Markdown
Security Positives
✓ Skill contains only Markdown documentation files — no executable code distributed
✓ Core functionality uses only documented CLI commands (openclaw cron add, clawdhub update)
✓ No network requests to raw IPs, no external data exfiltration
✓ No credential harvesting, no environment variable enumeration, no sensitive path access
✓ No obfuscation techniques (base64, eval, atob) detected
✓ No supply chain risk — no dependencies or package files included
✓ No persistence mechanisms (cron written to the system is via the documented openclaw CLI, not a custom script)