ClawHub Auto Updater

v1.0.0

Automatically update Clawdbot and all installed skills once daily. Runs via cron, checks for updates, applies them, and messages the user with a summary of w...

by Kendrick Lu (@kendrick-lu) · duplicate of @gwsq/auto-updater-1-0-0-1
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description match the instructions: setting up a cron job, running clawdbot/clawdhub update commands, and reporting results. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and the agent guide instruct creating a helper script under ~/.clawdbot, writing logs to ~/.clawdbot/logs, and adding a cron job that runs update commands (npm/pnpm/bun, clawdbot update, clawdhub update --all). These are within scope for an auto-updater, but they do grant the skill the ability to run arbitrary upstream-installed update commands and write to the user's home directory. Review the script and understand that updates pull code from upstream registries (npm/git), which implies trusting those sources.
Install Mechanism
Instruction-only skill with no install spec and no downloaded artifacts — lowest install risk. It relies on existing system tooling (npm/pnpm/bun/clawdhub/clawdbot).
Credentials
No environment variables, credentials, or config paths are requested. The guidance references delivery providers (e.g., Telegram) only as configuration examples; the skill does not ask for tokens or secrets itself.
Persistence & Privilege
The skill recommends creating a cron job and a script under the user's home directory (~/.clawdbot). This is expected for an auto-updater and is not set to always:true. Users should be aware this gives scheduled execution ability on their account (standard for cron).
Assessment
This skill appears to do what it says, but review and accept these tradeoffs before enabling:
- Review the proposed auto-update script (~/.clawdbot/scripts/auto-update.sh) before installing to ensure you understand what will run and where logs are written.
- Auto-updates run package-manager or git updates, which execute code from upstream sources (npm, pnpm, bun, git). Only enable automated updates if you trust those upstream sources or are comfortable with changes being applied automatically.
- Run a dry-run first: use `clawdhub update --all --dry-run` to see what would change.
- Be prepared for permission issues (global updates may need sudo) and for migrations (the script runs `clawdbot doctor --yes`, which may apply changes automatically).
- Ensure the delivery channel for summaries (where the agent posts update results) is properly configured and secure; the skill itself does not request tokens but may send update summaries to configured providers.
- If you rely on critical skills, consider pinning versions or using a staged update policy (test updates before enabling daily automatic application).

If you want, I can produce a hardened variant of the script that: uses checksums, limits what gets updated automatically, rotates logs, or notifies you for approval before applying updates.

Like a lobster shell, security has layers — review code before you run it.

latestvk973dnm9mchdc1jvn71dfrxa8984r9jk

Runtime requirements

🔄 Clawdis
OS: macOS · Linux
