My Auto Updater
v1.0.0
Automatically update Clawdbot and all installed skills once daily. Runs via cron, checks for updates, applies them, and messages the user with a summary of w...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the actions in SKILL.md: adding a cron job, running Clawdbot/package-manager commands, and running clawdhub to update skills. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions tell the agent to run update commands, create an optional helper script in the user's home (~/.clawdbot/scripts/auto-update.sh), log to ~/.clawdbot/logs/auto-update.log, and emit a simple update summary for the agent to parse. These actions are in-scope for an auto-updater, but they will perform writes to the user's home and execute package-manager commands that modify system state (including global npm/pnpm/bun updates and running 'clawdbot doctor').
Install Mechanism
Instruction-only skill with no install spec or downloaded code. No archive downloads or external install URLs. This is a low-risk install surface from a packaging/install perspective.
Credentials
The skill declares no required env vars, credentials, or config paths. The SKILL.md uses standard local paths under the user's home and only references commands (clawdbot, clawdhub, npm/pnpm/bun) relevant to the stated task.
Persistence & Privilege
'always' is false and the skill is user-invocable (normal). The skill recommends creating a cron job (persistent behavior) and suggests using an 'isolated' session. Because it updates installed skills automatically, granting it scheduled execution does carry supply-chain risk (it will accept and install new skill versions from the registry if available).
Assessment
This skill is internally coherent for auto-updating Clawdbot and installed skills, but take care before enabling automatic updates:
- Supply-chain risk: automatic updates will install new versions of skills from the registry. Only enable this if you trust the registry and the maintainers of installed skills. Consider running 'clawdhub update --all --dry-run' first.
- Permissions: global package updates may require elevated permissions; avoid running scheduled updates as root. Fix directory ownerships instead of granting broad sudo where possible.
- Use isolation and review logs: prefer the recommended 'isolated' session, and review ~/.clawdbot/logs/auto-update.log and the update summary after runs.
- Consider staged rollout: start with dry-run or weekly updates, or restrict to a curated list of skills rather than --all, if you rely on specific skills for critical workflows.
- Backups and recovery: ensure you have a way to roll back or reinstall if an update causes breakage; keep a snapshot of important configurations.
If you want extra safety, ask the agent to perform only the dry-run and produce the update summary for your manual approval before applying updates.
Like a lobster shell, security has layers — review code before you run it.
latestvk9737c0as9j0p6tmxxy1f7z5as83jrkb
Runtime requirements
🔄 Clawdis
OS: macOS · Linux
