ClawHub

Auto-Update (OpenClaw + Skills)

v1.0.0

Auto-update OpenClaw and skills with OpenClaw cron, per-skill defaults, backups, and migration-aware summaries.

0· 934·11 current·11 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise (auto-update OpenClaw and skills) aligns with the required binaries (openclaw, clawhub), the control-folder under ~/auto-update/, and the runtime actions described (openclaw cron add, openclaw update, clawhub update). Nothing requested is unrelated to automated updating of OpenClaw and skills.
Instruction Scope
SKILL.md explicitly instructs reading and writing files under ~/auto-update/ and (optionally) inspecting OpenClaw workspace files (e.g., ~/.openclaw/*) and AGENTS.md/SOUL.md for workspace integration. These are reasonable for an updater, but they do mean the agent will access user home files and potentially workspace files — the skill documents this and asks for user approval before touching larger or sensitive scopes.
Install Mechanism
Instruction-only skill with no install spec or remote downloads. No code is written to disk by the skill itself beyond its own control files in ~/auto-update/. This is the lowest-risk install model and matches its purpose.
Credentials
The skill requests no environment variables or credentials. It does mention optional backups that could include sensitive files (e.g., ~/.openclaw/credentials/) but calls this out and requires explicit user decision. The absence of secret env requirements matches the updater purpose.
Persistence & Privilege
The skill encourages creating a persistent scheduled job (openclaw cron add) that will autonomously run updates; always:false is set. Autonomous scheduled runs are expected for an updater, but the user should understand this creates ongoing automation that will execute update commands the agent instructs.
Assessment
This skill is coherent with its purpose, but review and approve what it will touch before enabling automation: 1) Inspect the proposed ~/auto-update/* templates and per-skill rules so auto-update boundaries are explicit. 2) Run the safer 'notify-first' / dry-run (clawhub update --all --dry-run) before enabling apply mode. 3) Be cautious about allowing backups of sensitive files (e.g., ~/.openclaw/credentials) — only include those after explicit consent and consider encrypting backups. 4) If workspace integration is offered, review any AGENTS.md edits before applying. 5) Remember the cron job will autonomously run update commands with whatever permissions the agent/session has — enable only if you trust that environment and the specified policies.

Like a lobster shell, security has layers — review code before you run it.

latestvk979wy3da4hs899p8saz49da6982kna4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔄 Clawdis
OSLinux · macOS · Windows
Binsopenclaw, clawhub

Comments