ClawHub

Auto Updater.Tmp

v1.0.0

Automatically update Clawdbot and all installed skills once daily. Runs via cron, checks for updates, applies them, and messages the user with a summary of w...

0· 57·0 current·1 all-time
bylaner@kelaner·fork of @maximeprades/auto-updater (1.0.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and reference docs consistently state the same goal: schedule daily checks and run Clawdbot/clawdhub update commands. There are no unrelated env vars, binaries, or config paths requested.
Instruction Scope
The instructions instruct the agent to create a helper script under ~/.clawdbot, add a cron job via clawdbot cron, run package-manager commands (npm/pnpm/bun global updates, clawdbot update) and clawdhub update --all, and write logs to ~/.clawdbot/logs. This is in-scope for an auto-updater but implies executing arbitrary third-party update code and writing persistent logs; the skill does not add integrity/verification steps for updates.
Install Mechanism
Instruction-only skill (no install spec, no code files beyond docs). No downloads or archive extraction are performed by the skill itself — lowest install risk from this package.
Credentials
The skill declares no required env variables or credentials. It may require filesystem write permissions for ~/.clawdbot and appropriate privileges to run global package updates (which is expected), but it does not request unrelated secrets or creds.
Persistence & Privilege
The skill recommends creating a persistent cron job (via clawdbot cron add) and a helper script under the user's home directory. always:false is set (not force-enabled). This persistent scheduling is expected but changes the system's behavior over time and should be approved by the user.
Assessment
This skill is coherent with its stated purpose, but auto-updating software is a high-impact action — it will run package-manager update commands and install updated skills from whatever registry your ClawdHub uses. Before enabling: 1) Verify you trust the ClawdHub registry and the source of skill updates; automatic updates can install malicious or broken code. 2) Run clawdhub update --all --dry-run and test the helper script manually first to see expected output. 3) Ensure the cron job runs under the correct (non-root) user and that permissions for ~/.clawdbot are appropriate. 4) Keep backups or enable rollback mechanisms for critical configs. 5) Consider limiting automatic updates to specific skills or running them on a weekly cadence until you're comfortable. 6) Review logs in ~/.clawdbot/logs and configure delivery (e.g., do not send update summaries to untrusted external endpoints). If you want, test the flow manually once before enabling daily automation.

Like a lobster shell, security has layers — review code before you run it.

latestvk971pq317tn649j4znkr94pn5183pxqa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔄 Clawdis
OSmacOS · Linux

Comments