ClawHub

Auto-Updater (Windows Compatible)

v1.0.3

Set up and maintain automatic OpenClaw + skill updates on Windows/macOS/Linux. Use when a user asks for scheduled updates, manual update runs, update health...

0· 217·2 current·2 all-time
byYaodong Yu@leo220yuyaodog·fork of @maximeprades/auto-updater (1.0.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (auto-updating OpenClaw and installed skills) match the SKILL.md and reference files: git, pnpm, npx clawhub, and openclaw commands are exactly the tools you would expect for that task. There are no unrelated environment variables, binaries, or config paths requested.
Instruction Scope
Instructions are narrowly focused on pulling/building OpenClaw, restarting the gateway, running clawhub updates, and creating conservative schedules. One minor vagueness: 'summary delivery' and 'isolated agentTurn runs' are mentioned but the SKILL.md does not explicitly name where summaries are delivered (e.g., local log, UI, or external webhook). This is an implementation detail to confirm before enabling automated scheduling.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is downloaded or written to disk by the skill itself. This is the lowest-risk install model.
Credentials
The skill requires no environment variables, no credentials, and no config-path access. All commands operate on repository and runtime home paths provided by the user, which is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill is user-invocable; autonomous invocation is allowed by platform default but the skill does not request elevated or persistent privileges. There is no attempt to modify other skills' configs or request system-wide settings.
Assessment
This skill appears coherent for safely automating OpenClaw updates, but before enabling automation: (1) verify the exact paths to <openclaw-repo> and <openclaw-home> and back up important data before running builds/updates; (2) test manual runs of the listed commands to confirm openclaw, pnpm, git, and npx clawhub behave as expected on your system; (3) confirm where update summaries will be posted/logged so sensitive info isn't sent to an external endpoint; and (4) on Windows run in native PowerShell/cmd and ensure 'bash' resolves to Git Bash/MSYS if a build step needs it. If you want to limit risk, run the updater manually or keep scheduling disabled until you're satisfied with a manual test run.

Like a lobster shell, security has layers — review code before you run it.

latestvk979actcyd8rgwvpdth5sa17a582vep0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments