ClawHub

Auto Updater Hold

v1.0.0

Automatically update Clawdbot and all installed skills once daily. Runs via cron, checks for updates, applies them, and messages the user with a summary of w...

0· 63·0 current·1 all-time
byNinwonk Wang@ninwonk·fork of @maximeprades/auto-updater (1.0.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the actions in SKILL.md and references: the skill sets up a cron job and runs commands to update Clawdbot and installed skills (npm/pnpm/bun global updates, clawdbot update, clawdhub update --all). Nothing requested (no env vars, no unrelated binaries) is out of scope for an updater.
Instruction Scope
Instructions ask the agent to create a script under ~/.clawdbot, write logs, run package manager commands and clawdbot/clawdhub commands, and add a cron job. These are expected for an auto-updater, but they will perform privileged operations (global npm/pnpm updates or writing skill directories) and require network access and appropriate filesystem permissions; the guide also suggests possibly delivering summaries to external providers (e.g., Telegram) depending on user configuration.
Install Mechanism
No install spec and no code files beyond instruction and example scripts — nothing is downloaded or extracted by the skill itself. This is the lowest-risk install posture for an updater skill.
Credentials
The skill declares no environment variables or credentials and the runtime instructions only use local commands and user-home paths. It does not request unrelated secrets or config paths.
Persistence & Privilege
The skill persists by adding a cron job and may write a helper script and logs into the user's home (~/.clawdbot). always:true is not set. This is expected for a scheduled updater, but note it creates persistent behavior (automated, recurring updates) and will run commands that can modify installed software.
Assessment
This skill appears coherent for automatic updates, but be aware of what it will do before enabling it: it will create files under ~/.clawdbot and add a daily cron job that runs package-manager and update commands which may require elevated privileges and network access. Review which delivery/notification provider is configured (so summaries aren't sent to an unexpected external account). If you want to be cautious: run the update commands manually first (or use --dry-run), ensure you have backups/config snapshots, avoid running the cron as root, and confirm the list of installed skills you trust (clawdhub list). If you need stricter control, schedule less-frequent runs or require manual approval before applying updates.

Like a lobster shell, security has layers — review code before you run it.

latestvk9713ypcskpmxk3ev8a5ajhtyh83mhfj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔄 Clawdis
OSmacOS · Linux

Comments