Automatically detects version differences between local and online skills - supports ClawHub/GitHub, with periodic update checks
Security Analysis
Medium confidence. The skill largely does what it says (checks versions and can update), but several mismatches between the implementation and its documentation, together with its use of shell commands, make its claims inconsistent and worth caution before installing.
The README and SKILL.md claim the tool will fetch 'all online skills (ClawHub + GitHub)', but the code only queries a hard-coded KNOWN_SKILLS list and uses only ClawHub for the periodic 'online' scan. GitHub is used only when attempting an update (git clone). The skill also reads ~/.openclaw/.backup.env (for GITHUB_USERNAME and the check interval) even though the registry metadata declares no required environment variables; this is a mismatch between claims and actual behavior.
Runtime instructions and the code generally align, but there are discrepancies: SKILL.md and the README imply broader online discovery while the code limits discovery to a fixed list. The code executes shell commands (clawhub inspect, git clone, clawhub install) via execSync with interpolated strings and no input sanitization; it reads and writes files under the user's home directory (~/.openclaw/workspace/skills and the skill's own data/ directory). The skill suggests adding a cron job but does not add one itself.
No remote install or download step is declared: the package is instruction-only with a local index.js, and nothing in the manifest downloads arbitrary code at install time. However, the runtime operations (git clone, clawhub install) fetch remote repositories when you run update, which is expected for an updater.
The registry lists no required environment variables, yet the code will read ~/.openclaw/.backup.env for GITHUB_USERNAME and CATCH_INTERVAL. These are not secrets, but the skill does access a user file not declared in metadata. No credentials (tokens/keys/passwords) are requested or used by the code as written.
The skill does not request always:true and does not modify other skills' configs. It writes its own data files under its data/ directory and interacts with ~/.openclaw/workspace/skills, which is consistent with an updater/tracker.
Guidance
Before installing, be aware of these points:
- Claims vs implementation: The README says the skill fetches all online skills, but the code only checks a hard-coded KNOWN_SKILLS list and only queries ClawHub for the periodic check. If you expect automatic discovery of every skill on ClawHub or GitHub, this implementation does not do that.
- Shell commands: The script runs clawhub inspect, clawhub install and git clone through execSync with interpolated strings. Running update will clone and install code from remote repositories. Only run it on a machine where you are comfortable allowing those operations, and review the repositories it will clone.
- Input sanitization: update passes the skill name straight into a shell command. If that name can come from an untrusted source, this is a command injection risk. Only update skills whose names you trust, or inspect and modify the code to validate names or to use a child_process API that takes an argument array instead of a shell string (execFileSync rather than execSync).
- File access: The skill reads and writes ~/.openclaw/.backup.env, ~/.openclaw/workspace/skills and its own data/*.json files. Check .backup.env for unexpected content before use.
- Practical checks: If you plan to use it, review index.js (particularly getOnlineSkills, initLocal and updateSkill) and (a) remove or expand the hard-coded KNOWN_SKILLS list, (b) add validation for skill names, and (c) confirm that you actually want cron-style periodic checks that run these commands.

Given the mismatches and the shell operations, proceed with caution and inspect or adjust the code to match your security expectations before enabling automated runs.
Latest Release
v1.0.0
Automatically detects version differences between local and online skills
Published by @russellfei on ClawHub