← Back to Skills Marketplace
ruiwang20010702

Smart Auto Updater

by 王睿 Ray · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
2817
Downloads
3
Stars
22
Active Installs
1
Versions
Install in OpenClaw
/install smart-auto-updater
Description
Smart auto-updater with AI-powered impact assessment. Checks updates, analyzes changes, evaluates system impact, and decides whether to auto-update or just report. Perfect for hands-off maintenance with safety guarantees.
README (SKILL.md)

Smart Auto-Updater

AI-powered auto-updater that intelligently decides whether to update based on impact assessment. Safe, intelligent, and configurable.

What it does

1. Check Phase

  • Checks for OpenClaw updates
  • Checks for skill updates via ClawHub
  • Fetches changelog and diff

2. AI Analysis Phase

  • Analyzes changes using LLM
  • Evaluates system impact (架构/性能/兼容性)
  • Classifies risk level (HIGH/MEDIUM/LOW)

3. Decision Phase

Risk Level Action
HIGH Skip update, send detailed report
MEDIUM Skip update, send warning + report
LOW Auto-update, send summary

4. Report Phase

  • Generates readable update report
  • Includes risk assessment
  • Provides upgrade recommendations

Quick Start

Basic usage

# Run smart update check
openclaw sessions spawn \
  --agentId smart-auto-updater \
  --message "Run smart update check"

With custom parameters

openclaw sessions spawn \
  --agentId smart-auto-updater \
  --message "Check updates with custom settings: auto-update LOW risk, report MEDIUM risk"

Configuration

Environment Variables

# AI Model (optional, defaults to configured model)
export SMART_UPDATER_MODEL="minimax-portal/MiniMax-M2.1"

# Auto-update threshold (default: LOW)
# Options: NONE (report only), LOW, MEDIUM
export SMART_UPDATER_AUTO_UPDATE="LOW"

# Risk tolerance (default: MEDIUM)
# HIGH: Only auto-update LOW risk
# MEDIUM: Auto-update LOW + MEDIUM risk
# LOW: Auto-update all
export SMART_UPDATER_RISK_TOLERANCE="MEDIUM"

# Report level (default: detailed)
# Options: brief, detailed, full
export SMART_UPDATER_REPORT_LEVEL="detailed"

Report Format

High Risk Report

🔴 Smart Auto-Updater Report

Update Available: v1.2.3 → v1.3.0

⚠️ Risk Level: HIGH

📋 Changes Summary:
- Breaking API changes detected
- Database migration required
- 3 files modified

🏗️ Impact Assessment:
- Architecture: MAJOR changes to core components
- Performance: Potential impact on startup time
- Compatibility: Breaks backward compatibility

🚫 Decision: SKIPPED

💡 Recommendations:
1. Review changelog manually
2. Test in staging environment
3. Schedule maintenance window

🗓️ Next Check: 24 hours

Low Risk Auto-Update

🟢 Smart Auto-Updater Report

Updated: v1.2.3 → v1.2.4

✅ Risk Level: LOW

📋 Changes:
- Bug fixes (2)
- Performance improvements (1)

🏗️ Impact Assessment:
- Architecture: No changes
- Performance: Minor improvement
- Compatibility: Fully compatible

✅ Decision: AUTO-UPDATED

📊 Summary:
- OpenClaw: v1.2.3 → v1.2.4
- Skills updated: 2
- Skills unchanged: 15
- Errors: none

⏱️ Next Check: 24 hours

Architecture

┌──────────────────┐
│  Trigger (Cron)  │
└────────┬─────────┘
         │
         ▼
┌──────────────────┐
│  Check Updates    │ ← clawhub update --dry-run
└────────┬─────────┘
         │
         ▼
┌──────────────────┐
│  AI Analysis     │ ← Analyze changes, assess risk
└────────┬─────────┘
         │
    ┌────┴────┐
    │         │
    ▼         ▼
┌───────┐  ┌───────┐
│ HIGH  │  │ MEDIUM│
│ Skip  │  │ Skip  │
└───┬───┘  └───┬───┘
    │          │
    ▼          ▼
┌───────┐  ┌───────┐
│ LOW   │  │ Report│
│ Update│  │ Only  │
└───┬───┘  └───────┘
    │          │
    └────┬─────┘
         │
         ▼
┌──────────────────┐
│  Generate Report  │ ← Send summary
└──────────────────┘

Safety Features

  1. Dry Run First - Always check before acting
  2. Risk Classification - AI-powered impact assessment
  3. Configurable Thresholds - Set your own risk tolerance
  4. Detailed Logging - Every decision is logged
  5. Manual Override - Always can review before updating

Troubleshooting

Updates keep being skipped

  • Check risk tolerance setting
  • Verify AI model is available
  • Review changelog manually

False positives (too many HIGH risk)

  • Lower risk tolerance
  • Check AI model prompts
  • Review specific change patterns

Reports not being delivered

  • Verify delivery channel configuration
  • Check gateway status
  • Review session configuration

References

  • references/risk-assessment.md → AI risk assessment methodology
  • references/report-templates.md → Report format examples
  • references/integration.md → Integration with cron/jobs
Usage Guidance
What to consider before installing/using: - Trust & provenance: The skill has no source/homepage and no code files — treat it like opaque instructions. Prefer skills with a verifiable repository and maintainer. - Config & secrets: The docs reference many environment variables and webhook URLs (feishu/slack/discord) but the metadata declares none. Before enabling, ensure you control any webhook endpoints the skill will use and avoid putting sensitive credentials into untrusted agents. - Persistence: The skill can create cron jobs and auto-apply updates (including OpenClaw/core skills). If you enable auto-update, start with conservative settings (AUTO_UPDATE=NONE or LOW risk tolerance) and run in dry-run mode first. - Least privilege testing: Run the skill in an isolated or staging environment first. Inspect any created files (~/.config/smart-auto-updater.env, ~/.logs/smart-auto-updater.log) and review scheduled crons (openclaw cron list or system cron) before allowing it to run in production. - Auditability: Because the skill will fetch changelogs and may send reports externally, ensure logs and report destinations are monitored for unexpected content or destinations. Things that would change this assessment: presence of a public source repo or installable package that shows exact commands run, explicit declaration of required env vars/credentials in the metadata, or code files showing no unexpected network/file operations. Without that, the metadata/instructions mismatch (config files and webhooks referenced but not declared) makes the package suspicious.
Capability Analysis
Type: OpenClaw Skill Name: smart-auto-updater Version: 1.0.0 The skill bundle describes a 'Smart Auto-Updater' designed to check for updates, analyze changes using an LLM, assess risk, and decide whether to auto-update or report. All files, including `SKILL.md` and the AI prompts in `references/risk-assessment.md`, clearly define the agent's role and tasks, focusing on update assessment and reporting. While the skill involves powerful actions like auto-updating and sending reports to external webhooks (e.g., Feishu, Slack, Discord as configured in `references/integration.md`), these capabilities are explicitly stated, aligned with the skill's purpose, and include safety features like configurable risk thresholds. There is no evidence of intentional harmful behavior, data exfiltration of sensitive information, malicious execution, or prompt injection attempts to subvert the agent's intended function.
Capability Assessment
Purpose & Capability
The name/description align with the instructions: checking OpenClaw and ClawHub updates, analyzing changelogs with an LLM, classifying risk, and deciding whether to apply updates is coherent with an 'auto-updater' skill. Requesting no required binaries or credentials in metadata is plausible for an instruction-only skill that expects the platform's openclaw CLI and agent runtime to already provide access.
Instruction Scope
SKILL.md and references instruct the agent to read/write local config (~/.config/smart-auto-updater.env), write logs (~/.logs/smart-auto-updater.log), add cron jobs (openclaw cron add), and deliver reports to external channels. Those file paths and operational behaviors are not declared in the skill metadata. The instructions also refer to webhook environment variables and gateway status checks — the skill therefore reads and transmits system update state and may send data externally, which is broader than the declared surface.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to write/execute; that lowers install-time risk. There is no download or archive extraction described in the package metadata.
Credentials
The metadata declares no required env vars, but the documentation references many optional environment variables (AI model, auto-update thresholds, SMART_UPDATER_*), webhook URLs (FEISHU/SLACK/DISCORD), logging paths, and channel settings. Because these variables control where reports are sent and whether auto-updates occur, the absence of declared required credentials means the skill's external communication surfaces and secret requirements are under-specified and should be verified before use.
Persistence & Privilege
always is false (good), but the skill explicitly instructs creating recurring cron jobs and performing autonomous updates of OpenClaw/skills. Scheduling recurring sessions and enabling auto-update (even only for LOW risk by default) gives it persistent, recurring capability to act on the system. That's consistent with an updater but increases the risk if the skill is untrusted or misconfigured.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install smart-auto-updater
  3. After installation, invoke the skill by name or use /smart-auto-updater
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
smart-auto-updater 1.0.0 - Initial release of smart-auto-updater with AI-powered impact assessment. - Automatically checks for updates, fetches changelogs, and analyzes risks (architecture, performance, compatibility) using LLMs. - Classifies updates as HIGH, MEDIUM, or LOW risk and takes action (auto-update, skip, or report) accordingly. - Provides detailed, configurable reports and upgrade recommendations after each run. - Supports customizable environment variables for AI model, update thresholds, risk tolerance, and report detail level. - Includes robust safety features such as dry run checking, manual override, and detailed logging.
Metadata
Slug smart-auto-updater
Version 1.0.0
License
All-time Installs 22
Active Installs 22
Total Versions 1
Frequently Asked Questions

What is Smart Auto Updater?

Smart auto-updater with AI-powered impact assessment. Checks updates, analyzes changes, evaluates system impact, and decides whether to auto-update or just report. Perfect for hands-off maintenance with safety guarantees. It is an AI Agent Skill for Claude Code / OpenClaw, with 2817 downloads so far.

How do I install Smart Auto Updater?

Run "/install smart-auto-updater" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Smart Auto Updater free?

Yes, Smart Auto Updater is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Smart Auto Updater support?

Smart Auto Updater is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Smart Auto Updater?

It is built and maintained by 王睿 Ray (@ruiwang20010702); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments