Check for new clawdbot releases and notify once per new version.
Security Analysis
High confidence: The skill does what it says. It checks GitHub releases for clawdbot, caches state under your home directory, and can register a local scheduled job to notify you via a messaging channel; nothing in the code indicates unexplained exfiltration or unrelated credential access.
The skill's name/description match the included scripts: it fetches releases from GitHub and notifies once per version. Minor inconsistencies: the scripts call npm (npm root -g) and uuidgen but the declared required binaries list only curl and jq; SKILL.md also suggests a macOS-specific restart command (launchctl) but the skill has no OS restriction declared. These are usability/information gaps rather than evidence of malicious behavior.
Runtime instructions and scripts stay within the advertised scope: they call the GitHub releases API, compare against a local package.json, generate notification text, and store state/cache under ~/.clawdbot. setup.sh writes a jobs.json entry describing how a gateway should run the check and deliver output to a channel (telegram/whatsapp/discord). That behavior is consistent with the described notify-once-per-version purpose; note that setup trusts an external gateway process to read jobs.json and deliver output to the configured channel.
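The notify-once-per-version decision described above, written out as an added example in POSIX shell. This is not the skill's own check.sh: the function names, the four outcome labels and the state file name last-notified are assumptions made for the illustration. It takes the latest release tag from GitHub, the version from the local package.json and the last version already announced, and it stays silent when the local build is ahead of the latest release, which is the case the v1.0.1 release note below addresses.

```shell
#!/bin/sh
# Added example, not the skill's check.sh. Function names, the state file name
# "last-notified" and the outcome labels are assumptions for this illustration.

# vercmp A B: compare two dotted versions numerically, ignoring a leading "v"
# and any pre-release suffix such as "-dev". Prints -1, 0 or 1.
vercmp() {
  a=${1#v}; a="${a%%-*}."   # trailing "." keeps cut from echoing a dotless input
  b=${2#v}; b="${b%%-*}."
  i=1
  while :; do
    x=$(printf '%s' "$a" | cut -d. -f"$i")
    y=$(printf '%s' "$b" | cut -d. -f"$i")
    if [ -z "$x" ] && [ -z "$y" ]; then printf '%s\n' 0; return 0; fi
    x=${x:-0}; y=${y:-0}
    # a non-numeric component cannot be ordered; report equal rather than guess
    case "$x$y" in *[!0-9]*) printf '%s\n' 0; return 0 ;; esac
    if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return 0; fi
    if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return 0; fi
    i=$((i + 1))
  done
}

# decide LATEST LOCAL LAST_NOTIFIED: prints notify, silent-ahead, silent-current
# or silent-seen. Only "notify" should produce output for the gateway to forward.
decide() {
  latest=$1; local_ver=$2; last=$3
  case $(vercmp "$local_ver" "$latest") in
    1) printf '%s\n' silent-ahead; return 0 ;;    # dev build newer than the release
    0) printf '%s\n' silent-current; return 0 ;;  # already on the latest release
  esac
  if [ -n "$last" ] && [ "$(vercmp "$latest" "$last")" -eq 0 ]; then
    printf '%s\n' silent-seen; return 0           # this version was announced already
  fi
  printf '%s\n' notify
}

# State is one small file under the state directory (CLAWDBOT_DIR or ~/.clawdbot
# in the skill; here the directory is a parameter so the logic can be tested).
last_notified() { cat "$1/last-notified" 2>/dev/null || true; }
mark_notified() { mkdir -p "$1" && printf '%s\n' "$2" > "$1/last-notified"; }

# run_check DIR LATEST LOCAL: one scheduled run. Emits a message only when
# decide() says notify, then records the version so the next run stays silent.
run_check() {
  dir=$1; latest=$2; local_ver=$3
  if [ "$(decide "$latest" "$local_ver" "$(last_notified "$dir")")" = notify ]; then
    printf 'clawdbot %s is available (installed: %s)\n' "$latest" "$local_ver"
    mark_notified "$dir" "$latest"
  fi
}

# Usage: run_check "${CLAWDBOT_DIR:-$HOME/.clawdbot}" "$latest_tag" "$local_version"
```

Because the gateway forwards whatever the script prints, everything except the notify path must print nothing; that is why each silent outcome is a distinct label in decide() but produces no output from run_check().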
The skill ships as instructions plus the included shell scripts; nothing is downloaded or extracted from an archive at install time, and no content is pulled from arbitrary URLs. From an install-mechanism perspective the risk is low.
The skill does not request secrets or credentials. It optionally accepts configuration env vars (CLAWDBOT_DIR, CACHE_MAX_AGE_HOURS) and setup requires you to pass a Telegram ID if you choose that channel. There are no unexplained credential requests.
The skill writes files under the user's home directory (~/.clawdbot) and adds a job to that local jobs.json; it does not request always:true or modify global/system-wide skill settings. It does not alter other skills' configs. It does require that a gateway process read jobs.json to run scheduled checks and deliver messages — that is expected for its notify behavior.
Guidance
This skill appears to be internally consistent and limited in scope, but review these points before installing:
- Files written: the scripts write state and cache to ~/.clawdbot and add a cron/job entry at ~/.clawdbot/cron/jobs.json. To remove it later, run setup.sh --uninstall and delete ~/.clawdbot.
- Gateway delivery: setup.sh creates a job payload instructing your local gateway to run the check script and deliver any output to the configured channel (e.g. Telegram). Make sure you understand and trust the gateway process that acts on jobs.json, since it will forward the script's output to the external channel you select.
- Undeclared tools: the scripts call npm (to auto-detect a global install) and uuidgen, while the skill's metadata declares only curl and jq. Ensure those binaries exist, or set CLAWDBOT_DIR explicitly so the auto-detection is not needed, to avoid runtime errors.
- Platform note: SKILL.md references launchctl (macOS) for restarting the gateway. If you are not on macOS, that restart instruction will not apply; nothing else in the code is OS-restricted, but behavior depends on the local environment.
- Run manually first: before enabling the scheduled job, run scripts/check.sh --status (or --force) to inspect the output and confirm it behaves as you expect.
If you need higher assurance, inspect the scripts locally (they are small and included) and confirm your gateway trusts jobs.json only from your user account. If a future version references any remote endpoint other than GitHub, do not install it.
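A pre-install audit that answers two of the points above from the shipped scripts themselves, as an added example in POSIX shell (not code from the skill or from ClawHub): which remote hosts the scripts reference, and which binaries they invoke that the metadata does not declare. The candidate binary list, the allow-list and the sample check.sh it writes (including its example repository path) are constructed for the demonstration; in practice you point the functions at the skill's real scripts directory and its declared binaries.

```shell
#!/bin/sh
# Added example, not part of the skill or ClawHub. Audits a directory of shell
# scripts before installation: remote hosts referenced, and binaries called that
# the metadata does not declare. The candidate list and the sample script below
# are constructed for the demonstration.

# remote_hosts DIR: every host named in an http(s) URL in DIR/*.sh, deduplicated.
remote_hosts() {
  grep -hoE 'https?://[A-Za-z0-9.-]+' "$1"/*.sh 2>/dev/null \
    | sed 's#^https\{0,1\}://##' | sort -u
  return 0
}

# unexpected_hosts DIR ALLOWED: hosts not in the space-separated allow-list.
unexpected_hosts() {
  for h in $(remote_hosts "$1"); do
    case " $2 " in *" $h "*) ;; *) printf '%s\n' "$h" ;; esac
  done
  return 0
}

# undeclared_bins DIR DECLARED CANDIDATES: candidates invoked as a command
# (line start, after whitespace, or inside $(...)) but absent from DECLARED.
undeclared_bins() {
  for b in $3; do
    case " $2 " in *" $b "*) continue ;; esac
    if grep -qE "(^|[[:space:]\$(])$b([[:space:]);|]|\$)" "$1"/*.sh 2>/dev/null; then
      printf '%s\n' "$b"
    fi
  done
  return 0
}

# make_demo_dir: writes a constructed stand-in check.sh (not the skill's real
# one) into a fresh temporary directory and prints that directory.
make_demo_dir() {
  d=$(mktemp -d)
  cat > "$d/check.sh" <<'EOF'
#!/bin/sh
# constructed sample; the repository path is a placeholder
CLAWDBOT_DIR=${CLAWDBOT_DIR:-$(npm root -g)/clawdbot}
run_id=$(uuidgen)
curl -fsSL https://api.github.com/repos/example/clawdbot/releases/latest | jq -r .tag_name
EOF
  printf '%s\n' "$d"
}

# audit DIR: the report to read before enabling the scheduled job.
audit() {
  printf 'hosts referenced:\n'
  remote_hosts "$1" | sed 's/^/  /'
  printf 'hosts outside allow-list (api.github.com github.com):\n'
  unexpected_hosts "$1" "api.github.com github.com" | sed 's/^/  /'
  printf 'binaries called but not declared (declared: curl jq):\n'
  undeclared_bins "$1" "curl jq" "curl jq npm uuidgen launchctl git node" | sed 's/^/  /'
}

audit "$(make_demo_dir)"
```

On the constructed sample this reports api.github.com as the only host, nothing outside the allow-list, and npm and uuidgen as undeclared, which matches the two gaps noted in the analysis. A host other than GitHub in the first section is the signal the guidance above says should stop the install.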
Latest Release
v1.0.1
Fix: Stay silent when running ahead of latest release (dev builds)
Published by @pors on ClawHub