ziggy2socks

Update Scout

by ziggy2socks · GitHub ↗ · v1.1.2 · MIT-0
cross-platform ⚠ suspicious
266 Downloads · 0 Stars · 0 Active Installs · 5 Versions
Install in OpenClaw
/install update-scout
Description
Automate update tracking for OpenClaw and any other GitHub-released tools. Scout monitors your watchlist weekly, reviews release notes with a security lens,...
Usage Guidance
This skill appears internally consistent with its stated role as a GitHub release watcher and reviewer. Before installing: review the packaged scripts yourself (they are included) and confirm you trust the publisher (source is unknown). Be cautious about adding watchlist entries that use detect.type=command — the exact command you store will be executed on your machine when checking versions. Only set GITHUB_TOKEN if you understand it increases API rate limits (the skill does not store the token). Don't run the skill as root; restrict its use to a non-privileged account. If you plan to let the agent invoke the skill autonomously, consider whether you trust that agent to not add malicious watchlist entries or run the review scripts without your supervision.
Capability Analysis
Type: OpenClaw Skill
Name: update-scout
Version: 1.1.2
The skill bundle provides legitimate software update tracking but includes high-risk capabilities that could be abused. Specifically, 'check_updates.py' and 'add_tool.py' allow for the execution of arbitrary shell commands defined in a local configuration file (~/.config/scout/watchlist.json) to detect software versions. Additionally, 'review_skills.py' performs a broad scan of all files within the OpenClaw skills workspace and fetches remote content from a hardcoded GitHub URL (openclaw/openclaw) to provide as context for the agent, creating a potential vector for indirect prompt injection. While these features align with the stated purpose of update monitoring and health checks, the lack of command sanitization and the workspace-wide file access are significant security risks.
Capability Assessment
Purpose & Capability
Name/description match the behavior: scripts poll GitHub, summarize release notes, check issues, and manage a local watchlist. Required resources (local config files, optional GITHUB_TOKEN) are appropriate for this functionality.
Instruction Scope
SKILL.md tells the agent to run the included scripts which read/write ~/.config/scout and (for reviews) the skills directory (~/.openclaw/workspace/skills). This matches the stated purpose. Note: version detection supports running user-specified commands (detect.type=command) and npm/pip/file checks — running those commands is required to detect installed versions, but they will execute whatever command appears in the watchlist, so watchlist entries must be trusted.
Install Mechanism
No install spec; this is an instruction-only skill with shipped scripts. Nothing is downloaded or installed automatically by the skill itself.
Credentials
No required environment variables. GITHUB_TOKEN is referenced only as an optional token to increase GitHub API rate limits and is not stored. Requested env access is proportionate to the skill's use of the GitHub API.
Persistence & Privilege
The skill writes its own config under ~/.config/scout and reads the user's skills directory when reviewing skills; it does not request always:true or system-wide privileges. Be aware that scripts run subprocesses (npm, pip, or arbitrary detect commands) as the invoking user — do not run as root, and ensure watchlist entries are trusted. Autonomous model invocation is permitted by default on the platform; combined with the ability to add watchlist entries that run commands, that could lead to local command execution if misused by an agent.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install update-scout
  3. After installation, invoke the skill by name or use /update-scout
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.2
v1.1.2: Polish pass — removed unused imports, fixed return type annotation, merged duplicate SKILL.md sections. Passes self-review clean.
v1.1.1
v1.1.1: Fixed review_skills.py — removed dead code, fixed unused imports, improved script reference detection, corrected exit codes, symlink-safe file scanning.
v1.1.0
v1.1.0: Added review_skills.py — periodic skill health review against OpenClaw best practices. Scout now monitors both software updates and skill quality.
v1.0.1
Improved description to lead with user value and OpenClaw mention.
v1.0.0
Initial release — GitHub release monitor with security review protocol, skip list, and post-release issue verification.
Metadata
Slug: update-scout
Version: 1.1.2
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 5
Frequently Asked Questions

What is Update Scout?

Automate update tracking for OpenClaw and any other GitHub-released tools. Scout monitors your watchlist weekly, reviews release notes with a security lens,... It is an AI Agent Skill for Claude Code / OpenClaw, with 266 downloads so far.

How do I install Update Scout?

Run "/install update-scout" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Update Scout free?

Yes, Update Scout is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Update Scout support?

Update Scout is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Update Scout?

It is built and maintained by ziggy2socks (@ziggy2socks); the current version is v1.1.2.
