← Back to Skills Marketplace
Smart Auto-Updater Pro
by
aiwithabidi
· GitHub ↗
· v1.0.0
718
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install smart-updater-pro
Description
OpenClaw auto-update checker and safe applier. Checks for new versions, compares changelogs, and applies updates with rollback safety. Designed to run as a c...
Usage Guidance
This skill contains a runnable updater script that will fetch tags, checkout releases, install dependencies, build, and restart services with Docker. Before installing or enabling it: 1) Verify provenance — confirm the author and homepage are trustworthy and match the repository used. 2) Inspect and test the script in an isolated environment (staging VM or container) — run it in check-only (--json) mode first. 3) Ensure required binaries are present and safe: python3, docker (and docker compose), and pnpm or npm — the skill's metadata only lists git but the script needs more. 4) Do not run the script as root on production hosts until you've validated rollback and health checks; it will modify running services. 5) Update the manifest to declare missing runtime requirements (python3, docker, pnpm/npm) and document the privilege/network expectations. If the author can provide an official repository URL (GitHub releases or similar) and update the metadata to list all runtime binaries and intended filesystem paths, the assessment could move from 'suspicious' toward 'benign'.
Capability Analysis
Type: OpenClaw Skill
Name: smart-updater-pro
Version: 1.0.0
The `scripts/check_update.sh` skill performs powerful system-level modifications, including `git checkout`, `pnpm install`, `pnpm build`, `docker build`, and `docker compose up -d` on the `/host/openclaw` directory. While these actions are necessary for an auto-updater, they introduce a significant supply chain vulnerability. If the upstream OpenClaw repository were compromised, this script would pull and execute malicious code from the untrusted source, leading to potential Remote Code Execution (RCE) and system compromise. The script itself does not contain explicit malicious payloads, data exfiltration, or obfuscation, and its actions are transparently documented in `SKILL.md`. However, the critical risk of executing unverified code from an external source warrants a 'suspicious' classification due to the inherent vulnerability.
Capability Assessment
Purpose & Capability
The skill claims to be an OpenClaw updater and the script indeed performs fetch/checkout/build/deploy of the OpenClaw repo, which is coherent. However the declared requirements list only 'git' while the script also depends on python3, docker/docker-compose, and pnpm or npm — those missing declarations are a capability/requirement mismatch.
Instruction Scope
SKILL.md and the script instruct the agent to operate directly on a host repository path (default /host/openclaw), perform git checkouts, rebuild images, and bring services up with docker compose. This legitimately touches system-level files and services but is broader than what's declared (no mention of docker or python). The script will modify running services and requires host Docker access; the cron examples also reference root paths which increases potential impact.
Install Mechanism
There is no install spec (instruction-only plus an included script), which minimizes installer risk because nothing is fetched during skill install. However the runtime operations (git fetch, docker build, pnpm/npm install, python3 usage) will perform network and disk activity at execution time — these are normal for an updater but should be noted.
Credentials
The skill declares no required environment variables, but the script reads OPENCLAW_REPO (with a default) and assumes access to host filesystem and Docker. Not explicitly declaring dependence on docker, pnpm/npm, or python3 (or documenting required privilege level) is disproportionate and may mislead users about what the skill needs.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. Autonomous invocation is allowed (platform default) but not combined with other high-privilege requests in the manifest. The script itself performs privileged actions at runtime if the agent runs it on a host with Docker access.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install smart-updater-pro - After installation, invoke the skill by name or use
/smart-updater-pro - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
auto-updater 1.0.0 — Initial Release
- Introduces automated update checking and application for OpenClaw, with rollback safety.
- Compares current and latest versions via git tags and displays changelogs before applying updates.
- Supports both manual and cron-based operation with JSON output mode for automation.
- Ensures safe update process: verifies gateway status, preserves rollback version, and never force-pushes.
- Provides clear rollback instructions in case of a failed update.
Metadata
Frequently Asked Questions
What is Smart Auto-Updater Pro?
OpenClaw auto-update checker and safe applier. Checks for new versions, compares changelogs, and applies updates with rollback safety. Designed to run as a c... It is an AI Agent Skill for Claude Code / OpenClaw, with 718 downloads so far.
How do I install Smart Auto-Updater Pro?
Run "/install smart-updater-pro" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Smart Auto-Updater Pro free?
Yes, Smart Auto-Updater Pro is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Smart Auto-Updater Pro support?
Smart Auto-Updater Pro is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Smart Auto-Updater Pro?
It is built and maintained by aiwithabidi (@aiwithabidi); the current version is v1.0.0.
More Skills