Skill Update
v1.0.0
Safely update skills with preview, migration support, and user validation. Never lose data or break workflows.
by Iván @ivangdavila
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the files describe checking for updates, creating previews, taking backups, performing migrations, and rolling back. There are no unrelated required env vars, binaries, or config paths that don't belong to an updater tool.
Instruction Scope
The runtime instructions explicitly direct the agent to read and write skill folders, copy backups to ~/.clawhub/backups/, inspect SKILL.md and other files, and run npx clawhub commands to fetch versions. These actions are coherent with an update/migration tool but do require file-system access and network fetches — the user should be aware the agent will read and modify local skill data when performing updates or migrations.
Install Mechanism
No install spec or code is included (instruction-only). The docs reference npx clawhub fetch/info/outdated which will cause network downloads when run; this is expected for fetching skill updates but means the actual fetch/install step pulls from npm/registry at runtime rather than being bundled with the skill files.
Credentials
The skill requests no credentials, env vars, or config paths. Its suggested filesystem targets (e.g., ~/.clawhub/backups and ~/.clawhub/skills/<slug>) are appropriate for a skill-management tool and proportionate to the stated purpose.
Persistence & Privilege
always:false and normal autonomous invocation are set. The skill does instruct making backups and modifying skill files, but it does not request elevated privileges or to persist beyond its own operations. Nothing indicates it modifies other skills' configs beyond performing backups/migrations on the target skill as intended.
Assessment
This skill is an updater-style instruction bundle and will read and modify local skill folders, create backups under ~/.clawhub/backups/, and use npx clawhub to fetch versions (network downloads at runtime). Before using it: (1) ensure you trust the source of clawhub packages and the registry you will fetch from, (2) verify you are comfortable allowing the agent to read/write your ~/.clawhub/skill directories, (3) confirm backups are stored where you expect and review them before deletion, and (4) consider asking the agent to show the preview/diff and request explicit approval before applying changes. If you prefer manual control, do the fetch/inspect/restore steps yourself rather than allowing autonomous updates.
Like a lobster shell, security has layers — review code before you run it.
latest vk979rf48x993kbp6gzqpzbmxwh80z91n
