Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Auto Updater Sxdg2

Automatically update OpenClaw and all installed skills once daily. Runs via cron, checks for updates, applies them, and messages the user with a summary of w...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 52 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The declared purpose — scheduling daily updates for OpenClaw and installed skills — matches the instructions (creating a cron job that runs openclaw update). However the SKILL.md also expects systemd (sudo systemctl restart openclaw) while the skill metadata claims Windows support; systemctl/cron are not available on Windows by default, so the cross-platform claim is inconsistent.
Instruction Scope
Instructions tell the agent to create a cron job that runs 'openclaw update --yes' and then restart the service via 'sudo systemctl restart openclaw'. Automatically applying updates with --yes means new code is pulled and will run without per-update approval. The doc also recommends granting passwordless sudo for service restarts — this elevates the updater's privileges. The skill does not instruct reading unrelated files, but it does rely on system-wide actions and will cause arbitrary updated code to be executed as part of normal update/install steps.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required environment variables or credentials, but its recommended setup explicitly requires system-level privileges (passwordless sudo) and systemd access. Asking the user to enable passwordless sudo for the Gateway user and permitting service restarts is a high-privilege requirement not reflected in metadata and increases risk if updates are compromised.
Persistence & Privilege
The skill creates a persistent cron job to run updates daily (persistent presence by design). always:false so it won't be force-included, but autonomous agent invocation plus an automatic cron job that runs update --yes amplifies supply-chain risk: updates will be applied unattended on a schedule. That combination is intended but raises security concerns.
What to consider before installing
This skill will set up an unattended daily updater that runs 'openclaw update --yes' and restarts the OpenClaw service via systemd. Before installing:

- Consider NOT using unattended auto-apply (--yes) so you can review updates before they run.
- Do not enable passwordless sudo lightly; if you must, restrict it tightly to the specific systemctl command and user.
- Verify that your platform actually uses cron and systemd; the SKILL.md references systemctl and cron but the skill advertises Windows support. On Windows you'd need a different mechanism (Task Scheduler) and there is no systemctl.
- Understand that updates can change or add executable code (supply-chain risk). Only enable automatic updates if you trust OpenClaw's update sources and signature/verification processes; consider limiting automatic updates to the core and requiring manual approval for third-party skills.
- If you proceed, run the setup manually first and audit the created cron job and the exact command it will run; test updates in a non-production environment.
- If you want stronger controls, modify the cron job to run 'openclaw update status' (notify) and require a manual 'openclaw update' to apply changes.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0

Runtime requirements

🔄 Clawdis
OS: Windows · macOS · Linux

SKILL.md

Auto-Updater Skill

Keep your OpenClaw and skills up to date automatically with daily update checks.

What It Does

This skill sets up a daily cron job that:

  1. Updates OpenClaw itself (via openclaw update)
  2. Updates all installed skills/plugins
  3. Restarts the service via sudo systemctl restart openclaw
  4. Messages you with a summary of what was updated

Setup

Quick Start

Ask OpenClaw to set up the auto-updater:

Set up daily auto-updates for yourself and all your skills.

Or manually add the cron job:

openclaw cron add \
  --name "Daily Auto-Update" \
  --cron "0 4 * * *" \
  --tz "America/Chicago" \
  --session isolated \
  --wake now \
  --deliver \
  --message "Run daily auto-updates: run 'openclaw update --yes' followed by 'sudo systemctl restart openclaw'. Update skills and report what was updated."

Configuration Options

Option | Default | Description
Time | 4:00 AM | When to run updates (use --cron to change)
Timezone | America/Chicago | Set with --tz
Delivery | Main session | Where to send the update summary

How Updates Work

OpenClaw Updates

The primary update command used is:

openclaw update --yes && sudo systemctl restart openclaw

This updates the core CLI, builds any source checkouts, and updates all installed plugins/skills.

Skill Updates

Skills are updated as part of the openclaw update command. To update skills specifically:

openclaw skills update --all

Update Summary Format

After updates complete, you'll receive a message like:

🔄 Daily Auto-Update Complete

**OpenClaw**: Updated to v2026.2.2-3 (was v2026.2.1)

**Skills Updated (3)**:
- discord: 2.0.3 → 2.0.4
- browser: 1.2.0 → 1.2.1  
- nano-banana-pro: 3.1.0 → 3.1.2

**Skills Already Current (5)**:
gemini, weather, reddit, twitter, yahoo-finance

Service restarted successfully via systemd.

Manual Commands

Check for updates without applying:

openclaw update status

View current skill versions:

openclaw skills list

Check OpenClaw version:

openclaw --version

Troubleshooting

Updates Not Running

  1. Verify cron is enabled: check cron.enabled in config
  2. Confirm Gateway is running continuously
  3. Check cron job exists: openclaw cron list

Update Failures

If an update fails, the summary will include the error. Common fixes:

  • Permission errors: Ensure the Gateway user has passwordless sudo for systemctl restart openclaw.
  • Network errors: Check internet connectivity
  • Package conflicts: Run openclaw doctor to diagnose
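
An added example, not part of the skill or of OpenClaw: a shell check that the Gateway user's passwordless sudo is limited to the single restart command this skill runs. The account name openclaw and the /usr/bin/systemctl path are assumptions; adjust both for your host.

```shell
#!/bin/sh
# Added example: audit NOPASSWD sudoers rules for the updater's account.
# Assumptions (not from the skill): account "openclaw", systemctl at
# /usr/bin/systemctl. Only direct one-line user rules are checked; aliases,
# %group rules and #include files are not resolved.

ALLOWED_CMD="/usr/bin/systemctl restart openclaw"

# classify_rule USER LINE -> prints skip | ok | broad
classify_rule() {
    user=$1
    line=$(printf '%s' "$2" | tr '\t' ' ')
    case $line in
        "$user "*NOPASSWD:*) ;;          # passwordless rule for this user
        *) echo skip; return 0 ;;        # comment, other user, or password required
    esac
    # Everything after NOPASSWD: is the command list; trim whitespace.
    cmds=$(printf '%s' "${line#*NOPASSWD:}" | sed 's/^ *//; s/ *$//')
    if [ "$cmds" = "$ALLOWED_CMD" ]; then
        echo ok
    else
        echo broad                       # ALL, wildcards, extra commands or tags
    fi
}

# audit_sudoers USER < sudoers-text: prints broad rules, returns 1 if any found
audit_sudoers() {
    rc=0
    while IFS= read -r rule; do
        if [ "$(classify_rule "$1" "$rule")" = broad ]; then
            printf 'BROAD: %s\n' "$rule"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input, not taken from a real host.
SAMPLE_SUDOERS='openclaw ALL=(root) NOPASSWD: /usr/bin/systemctl restart openclaw
openclaw ALL=(ALL) NOPASSWD: ALL
openclaw ALL=(root) NOPASSWD: /usr/bin/systemctl *
deploy ALL=(ALL) NOPASSWD: ALL'

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers openclaw \
    || echo "Restrict the rules above to: $ALLOWED_CMD"
```

On a real host, run it as root against the live rules, for example `cat /etc/sudoers /etc/sudoers.d/* | audit_sudoers openclaw`.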

Disabling Auto-Updates

Remove the cron job:

openclaw cron remove "Daily Auto-Update"

Or disable temporarily in config:

{
  "cron": {
    "enabled": false
  }
}
