If you're building software that needs to update itself in production, this skill walks you through the security landmines. It flags auto-update systems as high risk (rightfully so: one bad push hits your entire user base) and references specific patterns like signature verification, staged rollouts, and rollback mechanisms. The mandatory reading protocol points to threat models and to CVE examples such as the signature verification bypass. Honestly, the paranoia here is warranted. Auto-updates are one of those features where getting it wrong means you've built an excellent malware distribution system. Worth having this checklist in your context before you wire up that update endpoint.
npx skills add https://github.com/martinholovsky/claude-skills-generator --skill auto-update-systems-expert