Auto Updater 1.0.0
v1.0.0Automatically update Clawdbot and all installed skills once daily. Runs via cron, checks for updates, applies them, and messages the user with a summary of what changed.
⭐ 2· 1.8k·67 current·82 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (daily auto-update of Clawdbot and installed skills) matches the instructions: create a cron job, optionally write a helper script under ~/.clawdbot/scripts/, run package-manager or source update commands and clawdhub update --all, then report results. Nothing requested (no env vars, no extra binaries) is out of scope for an updater.
Instruction Scope
The SKILL.md instructs the agent to read installation type indicators (global npm/pnpm/bun, ~/.clawdbot/.git), write a helper script to ~/.clawdbot/scripts/auto-update.sh, write logs to ~/.clawdbot/logs, and add a cron job via clawdbot cron. These actions are expected for an updater, but they do give the skill the ability to persist code and run commands automatically on the host and to read/write user home paths — so users should be aware the updater will execute code (package manager updates, clawdhub) on their behalf.
Install Mechanism
There is no install spec and no downloads. This is instruction-only: it relies on existing system tools (clawdbot, clawdhub, npm/pnpm/bun) already present. That is the lowest-risk install mechanism for this functionality.
Credentials
The skill declares no required environment variables, no credentials, and no config paths beyond writing to ~/.clawdbot. The file reads/writes referenced in the instructions are proportional to performing automatic updates and logging.
Persistence & Privilege
The skill recommends adding a cron job (via clawdbot cron add) and optionally writing a persistent script and logs to the user's home. It does not set always:true and does not request elevated platform privileges. Persisting a cron job is expected, but users should understand it enables autonomous periodic execution of update commands (which will fetch and run new code from package registries and the skill registry).
Assessment
This skill appears to do what it says — set up a daily cron job that runs clawdbot and clawdhub update commands and logs the results — but there are important practical risks to consider before enabling automatic updates:
- Source provenance: the skill's source/homepage is unknown. Confirm Clawdbot and ClawdHub are official and that the registry owner is trustworthy before giving them automated update privileges.
- Supply-chain risk: automatic updates run code fetched from package managers and the skills registry. If a registry/package is compromised or a malicious package is published, the cron job could install and execute that code.
- Review generated files: the skill writes a helper script to ~/.clawdbot/scripts/auto-update.sh and logs to ~/.clawdbot/logs/auto-update.log. Inspect those files before first run and after upgrades.
- Run dry-runs and least-privilege: test with clawdhub update --all --dry-run first and avoid running updates as root; prefer an isolated session as suggested. Consider limiting updates to specific, pinned packages or requiring manual approval for core updates.
- Backups and rollback: ensure you have backups and a rollback plan in case an update breaks your environment.
If you want higher assurance, ask the skill author for source code or an official homepage, or only enable periodic alerts (dry-run) until you validate the update sources. If you cannot verify the origin of Clawdbot/ClawdHub packages and the registry owner, treat automated 'update all' behavior as higher risk.Like a lobster shell, security has layers — review code before you run it.
latestvk971hdxmc5677zf13912gphfd57zwb1f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔄 Clawdis
OSmacOS · Linux