Auto Updater.Disabled

v1.0.0

Automatically update Clawdbot and all installed skills once daily. Runs via cron, checks for updates, applies them, and messages the user with a summary of w...

⭐ 0· 78·1 current·1 all-time

by@xiyuechuimeng·fork of @maximeprades/auto-updater (1.0.0)

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xiyuechuimeng/auto-updater-disabled.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Auto Updater.Disabled" (xiyuechuimeng/auto-updater-disabled) from ClawHub.
Skill page: https://clawhub.ai/xiyuechuimeng/auto-updater-disabled
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install auto-updater-disabled

ClawHub CLI

Package manager switcher

npx clawhub@latest install auto-updater-disabled

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

high confidence

Purpose & Capability

The SKILL.md clearly depends on clawdbot, clawdhub and optionally npm/pnpm/bun, but the skill metadata declares no required binaries or environment. The registry slug/name also differ (registry lists 'auto-updater-disabled' while _meta.json uses 'auto-updater') and ownerId values in the provided metadata differ — these mismatches are inconsistent and should be clarified before use.

Instruction Scope

Runtime instructions create a cron job and an update script that will automatically run package managers and 'clawdhub update --all' to fetch and apply new versions. That behavior is consistent with an auto-updater, but automatically applying updates for all installed skills without verification is a high-risk action because updates are arbitrary code execution. The docs do not require signatures, review, or default to dry-run; they do show a dry-run option but the default suggested setup applies changes.

✓

Install Mechanism

This is an instruction-only skill with no install spec and no downloaded archives or external installers. Nothing writes binary code to disk as part of installing the skill itself (the skill writes a helper script under the user's home if the user follows instructions).

ℹ

Credentials

The skill requests no environment variables or credentials (declared or in instructions). However, it performs operations that may require elevated permissions (global npm/pnpm/bun updates) and network access. That operational privilege is proportionate to updating software, but it increases risk: auto-updating can introduce arbitrary remote code without user review.

✓

Persistence & Privilege

The skill is not 'always: true' and is user-invocable. It writes files under the user's home (~/.clawdbot) and registers a cron job via clawdbot's cron functionality, which is expected for an auto-updater. It does update other skills (its declared purpose) but does not request persistent elevated platform privileges beyond normal cron/service usage.

What to consider before installing

This SKILL.md implements a legitimate auto-update flow, but you should be cautious before enabling automatic, unattended updates. What to check before installing: - Metadata mismatches: confirm the skill slug/owner in the registry match the included _meta.json and that the source is trustworthy. - Verify tools exist: the instructions assume 'clawdbot' and 'clawdhub' (and possibly npm/pnpm/bun). The skill metadata should declare these; if they aren't present the setup will fail. - Prefer dry-runs and manual approval: schedule checks (clawdhub update --all --dry-run) or have the cron only report available updates rather than auto-applying them. Automatic apply means code from the registry will run on your system without per-update review. - Restrict permissions: run the updater as a non-root, unprivileged user where possible to limit the blast radius if a malicious update is applied. - Add verification: if your environment supports package signing or checksums, require verification before applying updates; consider pinning critical skills. - Backup & logging: ensure the script's logs and a rollback plan exist (e.g., snapshots or the ability to reinstall a previous version). If you want a safer default, ask the skill (or author) to change the setup to: (1) perform daily checks and notify with a summary, (2) require an explicit 'apply updates' action from you, or (3) default to dry-run and provide an opt-in flag to auto-apply.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔄 Clawdis

OSmacOS · Linux

latestvk97f0v33a071qt5jh1r48wg20x8420gk

78downloads

0stars

1versions

Updated 3w ago

v1.0.0

MIT-0

macOS, Linux

Auto-Updater Skill

Keep your Clawdbot and skills up to date automatically with daily update checks.

What It Does

This skill sets up a daily cron job that:

Updates Clawdbot itself (via clawdbot doctor or package manager)
Updates all installed skills (via clawdhub update --all)
Messages you with a summary of what was updated

Setup

Quick Start

Ask Clawdbot to set up the auto-updater:

Set up daily auto-updates for yourself and all your skills.

Or manually add the cron job:

clawdbot cron add \
  --name "Daily Auto-Update" \
  --cron "0 4 * * *" \
  --tz "America/Los_Angeles" \
  --session isolated \
  --wake now \
  --deliver \
  --message "Run daily auto-updates: check for Clawdbot updates and update all skills. Report what was updated."

Configuration Options

Option	Default	Description
Time	4:00 AM	When to run updates (use `--cron` to change)
Timezone	System default	Set with `--tz`
Delivery	Main session	Where to send the update summary

How Updates Work

Clawdbot Updates

For npm/pnpm/bun installs:

npm update -g clawdbot@latest
# or: pnpm update -g clawdbot@latest
# or: bun update -g clawdbot@latest

For source installs (git checkout):

clawdbot update

Always run clawdbot doctor after updating to apply migrations.

Skill Updates

clawdhub update --all

This checks all installed skills against the registry and updates any with new versions available.

Update Summary Format

After updates complete, you'll receive a message like:

🔄 Daily Auto-Update Complete

**Clawdbot**: Updated to v2026.1.10 (was v2026.1.9)

**Skills Updated (3)**:
- prd: 2.0.3 → 2.0.4
- browser: 1.2.0 → 1.2.1  
- nano-banana-pro: 3.1.0 → 3.1.2

**Skills Already Current (5)**:
gemini, sag, things-mac, himalaya, peekaboo

No issues encountered.

Manual Commands

Check for updates without applying:

clawdhub update --all --dry-run

View current skill versions:

clawdhub list

Check Clawdbot version:

clawdbot --version

Troubleshooting

Updates Not Running

Verify cron is enabled: check cron.enabled in config
Confirm Gateway is running continuously
Check cron job exists: clawdbot cron list

Update Failures

If an update fails, the summary will include the error. Common fixes:

Permission errors: Ensure the Gateway user can write to skill directories
Network errors: Check internet connectivity
Package conflicts: Run clawdbot doctor to diagnose

Disabling Auto-Updates

Remove the cron job:

clawdbot cron remove "Daily Auto-Update"

Or disable temporarily in config:

{
  "cron": {
    "enabled": false
  }
}

Resources

Comments

Loading comments...