OpenClaw更新检查

v1.0.0

每日检查 OpenClaw 最新版本和 Release Note，分析更新必要性并推送详细更新建议给用户，不主动执行更新。

⭐ 0· 511·8 current·8 all-time

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for noir-hedgehog/openclaw-update-check.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "OpenClaw更新检查" (noir-hedgehog/openclaw-update-check) from ClawHub.
Skill page: https://clawhub.ai/noir-hedgehog/openclaw-update-check
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install noir-hedgehog/openclaw-update-check

ClawHub CLI

Package manager switcher

npx clawhub@latest install openclaw-update-check

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The stated purpose (daily check of OpenClaw releases, summarize Release Notes, and push recommendations) is coherent with the instructions to call an 'openclaw' command, fetch GitHub releases, and send messages. However metadata lists no required binaries or credentials even though the SKILL.md explicitly relies on the local 'openclaw' executable and Feishu messaging; that's an unexplained omission.

Instruction Scope

SKILL.md instructs the agent to run 'openclaw update status' / 'openclaw version', to fetch GitHub releases (web_fetch), and to push results via Feishu (feishu_doc/message). The doc does not explain authentication for Feishu or how credentials are provided, and it does not declare that the host must have the 'openclaw' binary available. It also suggests configuring a daily cron job (persistence outside the agent). These gaps grant the skill discretion to execute local commands and send data externally without specifying how that external access is authorized.

✓

Install Mechanism

Instruction-only skill with no install steps and no code files. This lowers install-time risk because nothing is written to disk by an installer. Runtime actions (exec/web_fetch) remain the primary surface.

Credentials

The skill will need Feishu credentials (API token/webhook) to push messages and relies on the local 'openclaw' binary, but requires.env is empty and required binaries lists none — a clear mismatch. Requiring no credentials while instructing outgoing messaging is disproportionate and under-specified.

ℹ

Persistence & Privilege

always:false (good). SKILL.md suggests configuring a cron job for daily checks, which is an external persistence mechanism the user would set up. Agent autonomous invocation is allowed by default (disable-model-invocation:false) but that alone is not flagged — combine this with the missing credential declarations before allowing autonomous runs.

What to consider before installing

This skill appears to do what it says (check OpenClaw releases and recommend updates) but there are two important mismatches you should address before installing or enabling it: 1) The runtime instructions call the local 'openclaw' command, yet the skill metadata does not list any required binaries — confirm that the host will have the correct 'openclaw' binary and that you are comfortable allowing the agent to run it. 2) The skill promises to push recommendations via Feishu (feishu_doc/message) but declares no required environment variables or credentials — verify how Feishu authentication will be provided (API token, webhook, bot credentials), where those secrets will be stored, and who can read/send messages using them. Additional practical checks: - Ask the publisher (or inspect skill source) for details about Feishu integration and exact message endpoints; avoid providing global/overly-permissive tokens. - Prefer an implementation that requires explicit environment variables for Feishu and documents required binaries. - If you plan to run this on a schedule, configure the cron job yourself rather than relying on autonomous agent scheduling; ensure the agent's ability to run autonomously is limited if you don't want unattended pushes. - Because source/homepage is unknown, treat provenance as low: prefer skills from known publishers or require code inspection before granting message-sending privileges.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a7sjcht9ysnbfj1kztjkp1182afxhmonitorvk97a7sjcht9ysnbfj1kztjkp1182afxhopenclawvk97a7sjcht9ysnbfj1kztjkp1182afxhupdatevk97a7sjcht9ysnbfj1kztjkp1182afxh

511downloads

0stars

1versions

Updated 1mo ago

v1.0.0

MIT-0

OpenClaw 更新检查技能

概述

每日检查 OpenClaw 是否有新版本，获取 Release Note，分析是否需要更新，并推送建议给用户（不主动更新）。

功能

1. 检查更新状态

使用 openclaw update status 或 openclaw version 获取当前版本和最新版本信息。

2. 获取 Release Note

从 GitHub releases 页面获取最新的 Release Note：

URL: https://github.com/openclaw/openclaw/releases
使用 web_fetch 工具获取内容

3. 分析是否需要更新

根据 Release Note 分析：

重要功能更新：新功能对用户有帮助
安全更新：涉及安全性
Breaking Changes：可能导致配置不兼容
Bug 修复：修复重要问题

4. 推送建议

通过飞书向用户推送更新建议，包含：

当前版本 vs 最新版本
Release Note 摘要
是否建议更新
原因说明

工具

exec: 执行 openclaw 命令
web_fetch: 获取 GitHub releases 页面
feishu_doc 或 message: 推送消息给用户

使用方式

手动触发

用户发送"检查更新"或类似指令时执行。

定时任务（每日）

配置 cron job 每日执行检查。

示例输出

## OpenClaw 更新检查

### 当前版本
v2026.2.26

### 最新版本
v2026.x.xx

### Release Note 摘要
- 新功能：PDF 分析工具
- 改进：MiniMax M2.5 支持
- Bug 修复：...

### 更新建议
根据 Release Note，建议 [更新/暂不更新]

原因：
1. 有新的重要功能
2. 存在 Breaking Changes，需要检查配置
3. ...

注意事项

不主动执行更新，只提供建议
分析 Breaking Changes 提醒用户注意
提供更新命令供用户参考（如需更新）

Comments

Loading comments...