CrazyOzzy Auto Updater
Audited by ClawScan on May 10, 2026.
Overview
The skill is transparent about setting up automatic updates, but it would let a recurring agent job change OpenClaw and every installed skill without per-update review.
Only enable this if you want unattended scheduled updates of OpenClaw and every installed skill. Prefer a dry-run or confirmation-first schedule at first, keep a rollback plan, review the publisher/provenance, and make sure you know how to disable the scheduled job.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A future scheduled run could change or break the assistant and installed skills before you review the exact updates.
This instructs a scheduled agent to run local update tools that mutate the OpenClaw runtime and every installed skill. The artifacts do not define per-update approval, pinning/exclusions, rollback, or failure containment.
Use an **isolated scheduled agent turn** that: 1. Runs `openclaw update` ... 2. Runs `clawhub update --all`
Use dry-run or confirmation-first setup for initial runs, keep backups or rollback plans, pin or exclude sensitive skills, and review update summaries.
The updater may continue running on its schedule and making changes even when you are not actively using the agent.
The recurring scheduled job is disclosed and matches the purpose, but it is persistent automation that will keep running after setup unless disabled.
This skill helps set up an automated job that: 1. Updates **OpenClaw** itself 2. Updates installed skills via **ClawHub**
Confirm the schedule, notification path, and disable/removal process before enabling it.
It is harder to verify who published or maintained a skill that can configure broad automatic updates.
The embedded owner ID differs from the registry owner ID shown in the provided metadata, and the registry lists the source as unknown with no homepage. Because this is instruction-only, this is a provenance note rather than direct malicious behavior.
"ownerId": "kn73fehpspmvrqqdvz7jjdb50d7z4h5s"
Verify the publisher and install only from a trusted registry/source before enabling unattended updates.
