← Back to Skills Marketplace
davis1216

openclaw-update

by Davis1216 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
423
Downloads
0
Stars
3
Active Installs
2
Versions
Install in OpenClaw
/install openclaw-auto-update
Description
OpenClaw 版本升级评估与执行技能。工作流程:(1) 检测 agent-reach 可用性(无则引导安装),(2) 检查 GitHub releases 获取最新稳定版,(3) 对比当前版本判断是否需要更新,(4) 分析版本差距和更新日志,(5) 检查 GitHub issues 评估风险,(6) 综合评估...
Usage Guidance
This skill appears to do what it says (check GitHub, assess releases/issues, backup ~/.openclaw, and perform updates/restarts). Before installing or running it, consider the following: (1) Backups include a credentials/ directory and are written to your home directory unencrypted — if those files contain secrets you should ensure they are stored/encrypted or deleted after use. (2) The skill will call system commands (openclaw update, rsync, agent-reach, notify utilities, PowerShell on Windows) and may need elevated permissions; run in a test environment first. (3) The README suggests installing agent-reach from a GitHub ZIP and suggests a 'curl | bash' installer for OpenClaw — verify the sources and prefer signed or audited installers. (4) There are minor implementation bugs (e.g., some functions reference random/string without imports in certain paths) which may cause runtime errors; review/run the Python scripts manually before granting them automated execution. (5) If you plan to enable scheduled checks or autonomous invocation, remember the skill can decide to block updates when it finds 'critical' issues; that behavior is intentional but you should confirm you want that policy. If you want a safer rollout: review the scripts, run them locally in dry-run mode, back up secrets elsewhere (or encrypt backups), and only permit the skill to perform updates after you verify outputs.
Capability Analysis
Type: OpenClaw Skill Name: openclaw-auto-update Version: 1.0.1 The skill implements an automated update mechanism that requires high-privilege system access, including the ability to back up sensitive credentials, modify crontab/Task Scheduler for persistence, and execute remote shell scripts via 'curl | bash' (openclaw.ai/install.sh). It also directs the AI agent to install a dependency ('agent-reach') directly from a specific GitHub ZIP archive (Panniantong/agent-reach), which introduces supply chain risk. While these capabilities are consistent with the stated goal of a system updater, the combination of credential handling, persistence, and remote code execution pathways constitutes a significant security risk.
Capability Assessment
Purpose & Capability
Name/description match the provided scripts and SKILL.md. The skill checks current version, reads GitHub releases/issues (via agent-reach), creates local backups of ~/.openclaw, and can execute updates/restarts — all expected for an updater. It does not request unrelated credentials or environment variables.
Instruction Scope
Instructions explicitly tell the agent to run system commands (openclaw, rsync, agent-reach, osascript/notify-send/powershell) and to read/write ~/.openclaw (including a credentials/ directory). That is within the tool's purpose, but backing up credentials into an unencrypted folder and writing reports under ~/.openclaw are sensitive behaviors the user should be aware of. The SKILL.md enforces a 'stop on critical issues' rule (autonomous enforcement), which is reasonable but means the skill may decline or block updates automatically.
Install Mechanism
Instruction-only skill (no install spec) with included Python scripts — low install risk. The README/SKILL.md recommends installing agent-reach via pipx from a GitHub zip and suggests running official installer via 'curl | bash' for OpenClaw; both are common but carry typical supply-chain/trust risks and should be verified by the user before running.
Credentials
The skill declares no required env vars or external credentials. It does access local files (openclaw.json, credentials/, workspace/) which is proportional to the backup/update purpose, but these are sensitive items — the skill stores backups locally (no encryption) and leaves reports in the user's home directory.
Persistence & Privilege
always:false and no automatic system-wide changes are requested. A cron_check.py exists (and README claims daily checks) but there is no automatic install of a cron job in the package; scheduling must be enabled by the user. The skill can run commands that restart the gateway — expected for an updater and not suspicious on its own.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-auto-update
  3. After installation, invoke the skill by name or use /openclaw-auto-update
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
openclaw-auto-update v1.0.1 - Version bump only; no file or functional changes. - No modifications to code or documentation detected. - Maintains full compatibility with previous version.
v1.0.0
openclaw-update 1.0.0 - Initial release of the OpenClaw version upgrade evaluation and execution skill. - Guides users through a comprehensive 10-step workflow: detects agent-reach, checks for the latest GitHub release, compares versions, analyzes changelogs and issues, assesses update risk, backs up user configuration, executes the upgrade, and restarts the gateway. - Enforces critical safeguards (e.g., backup uniqueness, risk aborts on critical bugs, strict use of official changelogs). - Supports both Chinese and English, automatically responds in the user's language preference. - Provides detailed error handling, alternate manual paths, and recovery information throughout the update process.
Metadata
Slug openclaw-auto-update
Version 1.0.1
License MIT-0
All-time Installs 4
Active Installs 3
Total Versions 2
Frequently Asked Questions

What is openclaw-update?

OpenClaw 版本升级评估与执行技能。工作流程:(1) 检测 agent-reach 可用性(无则引导安装),(2) 检查 GitHub releases 获取最新稳定版,(3) 对比当前版本判断是否需要更新,(4) 分析版本差距和更新日志,(5) 检查 GitHub issues 评估风险,(6) 综合评估... It is an AI Agent Skill for Claude Code / OpenClaw, with 423 downloads so far.

How do I install openclaw-update?

Run "/install openclaw-auto-update" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is openclaw-update free?

Yes, openclaw-update is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does openclaw-update support?

openclaw-update is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created openclaw-update?

It is built and maintained by Davis1216 (@davis1216); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments