← 返回 Skills 市场
423
总下载
0
收藏
3
当前安装
2
版本数
在 OpenClaw 中安装
/install openclaw-auto-update
功能描述
OpenClaw 版本升级评估与执行技能。工作流程:(1) 检测 agent-reach 可用性(无则引导安装),(2) 检查 GitHub releases 获取最新稳定版,(3) 对比当前版本判断是否需要更新,(4) 分析版本差距和更新日志,(5) 检查 GitHub issues 评估风险,(6) 综合评估...
安全使用建议
This skill appears to do what it says (check GitHub, assess releases/issues, backup ~/.openclaw, and perform updates/restarts). Before installing or running it, consider the following: (1) Backups include a credentials/ directory and are written to your home directory unencrypted — if those files contain secrets you should ensure they are stored/encrypted or deleted after use. (2) The skill will call system commands (openclaw update, rsync, agent-reach, notify utilities, PowerShell on Windows) and may need elevated permissions; run in a test environment first. (3) The README suggests installing agent-reach from a GitHub ZIP and suggests a 'curl | bash' installer for OpenClaw — verify the sources and prefer signed or audited installers. (4) There are minor implementation bugs (e.g., some functions reference random/string without imports in certain paths) which may cause runtime errors; review/run the Python scripts manually before granting them automated execution. (5) If you plan to enable scheduled checks or autonomous invocation, remember the skill can decide to block updates when it finds 'critical' issues; that behavior is intentional but you should confirm you want that policy. If you want a safer rollout: review the scripts, run them locally in dry-run mode, back up secrets elsewhere (or encrypt backups), and only permit the skill to perform updates after you verify outputs.
功能分析
Type: OpenClaw Skill
Name: openclaw-auto-update
Version: 1.0.1
The skill implements an automated update mechanism that requires high-privilege system access, including the ability to back up sensitive credentials, modify crontab/Task Scheduler for persistence, and execute remote shell scripts via 'curl | bash' (openclaw.ai/install.sh). It also directs the AI agent to install a dependency ('agent-reach') directly from a specific GitHub ZIP archive (Panniantong/agent-reach), which introduces supply chain risk. While these capabilities are consistent with the stated goal of a system updater, the combination of credential handling, persistence, and remote code execution pathways constitutes a significant security risk.
能力评估
Purpose & Capability
Name/description match the provided scripts and SKILL.md. The skill checks current version, reads GitHub releases/issues (via agent-reach), creates local backups of ~/.openclaw, and can execute updates/restarts — all expected for an updater. It does not request unrelated credentials or environment variables.
Instruction Scope
Instructions explicitly tell the agent to run system commands (openclaw, rsync, agent-reach, osascript/notify-send/powershell) and to read/write ~/.openclaw (including a credentials/ directory). That is within the tool's purpose, but backing up credentials into an unencrypted folder and writing reports under ~/.openclaw are sensitive behaviors the user should be aware of. The SKILL.md enforces a 'stop on critical issues' rule (autonomous enforcement), which is reasonable but means the skill may decline or block updates automatically.
Install Mechanism
Instruction-only skill (no install spec) with included Python scripts — low install risk. The README/SKILL.md recommends installing agent-reach via pipx from a GitHub zip and suggests running official installer via 'curl | bash' for OpenClaw; both are common but carry typical supply-chain/trust risks and should be verified by the user before running.
Credentials
The skill declares no required env vars or external credentials. It does access local files (openclaw.json, credentials/, workspace/) which is proportional to the backup/update purpose, but these are sensitive items — the skill stores backups locally (no encryption) and leaves reports in the user's home directory.
Persistence & Privilege
always:false and no automatic system-wide changes are requested. A cron_check.py exists (and README claims daily checks) but there is no automatic install of a cron job in the package; scheduling must be enabled by the user. The skill can run commands that restart the gateway — expected for an updater and not suspicious on its own.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-auto-update - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-auto-update触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
openclaw-auto-update v1.0.1
- Version bump only; no file or functional changes.
- No modifications to code or documentation detected.
- Maintains full compatibility with previous version.
v1.0.0
openclaw-update 1.0.0
- Initial release of the OpenClaw version upgrade evaluation and execution skill.
- Guides users through a comprehensive 10-step workflow: detects agent-reach, checks for the latest GitHub release, compares versions, analyzes changelogs and issues, assesses update risk, backs up user configuration, executes the upgrade, and restarts the gateway.
- Enforces critical safeguards (e.g., backup uniqueness, risk aborts on critical bugs, strict use of official changelogs).
- Supports both Chinese and English, automatically responds in the user's language preference.
- Provides detailed error handling, alternate manual paths, and recovery information throughout the update process.
元数据
常见问题
openclaw-update 是什么?
OpenClaw 版本升级评估与执行技能。工作流程:(1) 检测 agent-reach 可用性(无则引导安装),(2) 检查 GitHub releases 获取最新稳定版,(3) 对比当前版本判断是否需要更新,(4) 分析版本差距和更新日志,(5) 检查 GitHub issues 评估风险,(6) 综合评估... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 423 次。
如何安装 openclaw-update?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-auto-update」即可一键安装,无需额外配置。
openclaw-update 是免费的吗?
是的,openclaw-update 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
openclaw-update 支持哪些平台?
openclaw-update 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 openclaw-update?
由 Davis1216(@davis1216)开发并维护,当前版本 v1.0.1。
推荐 Skills