ClawHub

Auto Updater.Local

v1.0.0

Automatically update Clawdbot and all installed skills once daily. Runs via cron, checks for updates, applies them, and messages the user with a summary of w...

0· 95·4 current·6 all-time
byRiven@wenlavril·fork of @maximeprades/auto-updater (1.0.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (daily updater for Clawdbot and skills) match the instructions: the SKILL.md and references describe creating a cron job, running clawdbot/clawdhub update commands, and reporting results. The required actions (running package manager updates, running clawdbot commands, invoking clawdhub) are expected for this purpose.
Instruction Scope
Instructions run local commands, create a helper script under ~/.clawdbot/scripts/auto-update.sh, write logs to ~/.clawdbot/logs/auto-update.log, and echo a parseable summary block for the agent. These behaviors are within scope for an updater, but they do give the skill the ability to change installed software and capture command output (which could include sensitive text if some tool prints it). The SKILL.md does not attempt to read unrelated system secrets or external unexpected endpoints.
Install Mechanism
This is an instruction-only skill with no install spec and no downloads. No archives, third-party registries, or remote URLs are pulled by the skill itself — updates occur via the platform's existing package managers and ClawdHub, which is consistent with an updater. Low install-surface risk from the skill bundle itself.
Credentials
The skill declares no required environment variables or credentials and the instructions don't request unrelated secrets. It uses standard environment context such as $HOME for logs and relies on installed tools (npm/pnpm/bun/clawdbot/clawdhub), which is proportionate for updating software.
Persistence & Privilege
The skill suggests adding a cron job (via clawdbot cron add) so it will run autonomously on schedule; always:false (not force-enabled). Autonomous scheduling is expected for an updater, but it grants ongoing ability to modify installed code on a schedule — a real operational privilege that users should accept consciously.
Assessment
This skill looks coherent for automatically updating Clawdbot and installed skills, but automatic updaters inherently modify installed code and pull updates from package registries. Before enabling: 1) run clawdhub update --all --dry-run to preview changes; 2) inspect the generated script (~/.clawdbot/scripts/auto-update.sh) and the cron entry (clawdbot cron list) before enabling; 3) check the first run's log at ~/.clawdbot/logs/auto-update.log and the echoed summary; 4) ensure you trust the ClawdHub/registry sources and have backups or a rollback plan (or prefer manual approval); 5) be aware updates may require elevated permissions (sudo) or change system state — prefer running updates in an isolated session as recommended. If you want stronger safeguards, require manual review before applying updates or limit the updater to dry-run reporting only.

Like a lobster shell, security has layers — review code before you run it.

latestvk975y05w46na6f8xn09cp8mn5x83bes7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔄 Clawdis
OSmacOS · Linux

Comments