Auto-Updater Skill
Pass
Audited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill
Name: auto-updater
Version: 1.0.0

The 'auto-updater' skill is designed to automatically update Clawdbot and all installed skills via a daily cron job. The `SKILL.md` and `references/agent-guide.md` files contain instructions for the AI agent to set up a shell script (`auto-update.sh`) and a cron job. This script executes legitimate update commands (`npm update -g`, `pnpm update -g`, `bun update -g`, `clawdbot update`, `clawdbot doctor`, `clawdhub update --all`), logs actions locally, and provides a structured summary. While the skill has broad system access necessary for its function, there is no evidence of intentional malicious behavior such as data exfiltration, unauthorized remote execution, persistence beyond the stated cron job, or prompt injection designed to subvert the agent's purpose or security.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad, broken, or incompatible update could change how the agent behaves across many tasks without the user approving each change.
The skill directs the agent to run broad update operations that can change the core agent and every installed skill, not just this skill.
Updates Clawdbot itself ... Updates all installed skills (via `clawdhub update --all`)
Use a dry-run or manual review workflow before applying updates, and consider limiting updates to specific trusted skills or requiring confirmation for core-agent updates.
If an upstream package or skill release is compromised or unexpectedly changes behavior, the daily job could install it automatically.
The update flow pulls latest versions from external package/skill sources on a schedule, with no artifact-backed pinning, allowlist, changelog review, or per-version approval.
`npm update -g clawdbot@latest` ... `clawdhub update --all`
Prefer pinned or reviewed versions, verify update sources, and require user approval before installing new core or skill versions.
The updater will continue running daily and making changes even after the initial setup conversation is over.
The skill creates a persistent scheduled agent task. This is disclosed and central to the purpose, but users should notice that it keeps operating until removed.
`clawdbot cron add` ... `--cron "0 4 * * *"` ... `--message "Run daily auto-updates..."`
Only enable it if you want ongoing autonomous updates, and keep the provided removal command available: `clawdbot cron remove "Daily Auto-Update"`.
Running updater commands with elevated permissions would increase the impact of a bad update or mistaken command.
Global package updates may require elevated local permissions. The artifact does not force sudo, but it acknowledges privileged update paths.
Permission denied → suggest `sudo` or fixing permissions
Avoid giving the updater unnecessary administrator privileges; fix file ownership or use a least-privilege install path where possible.
