← 返回 Skills 市场
Os Update Checker
作者
Paul Frederiksen
· GitHub ↗
· v1.2.1
· MIT-0
357
总下载
1
收藏
2
当前安装
5
版本数
在 OpenClaw 中安装
/install os-update-checker
功能描述
Check for available OS package updates with per-package changelog summaries and risk classification. Supports apt (Debian/Ubuntu), dnf (Fedora/RHEL), yum (Ce...
安全使用建议
This skill appears to do what it says: list upgradable packages and fetch changelogs. Before installing or running it, consider: 1) Network/privacy — changelog fetches (especially npm registry calls) will send package names to remote servers; run with --no-changelog if you need a purely local check. 2) Least privilege — run the script as an unprivileged user or inside a container if you want to limit what package manager metadata can reveal. 3) Inspect the bundled script yourself (scripts/check_updates.py) if you want to confirm there are no hidden network endpoints beyond standard registries. 4) If you operate in a locked-down environment, test in a staging VM to confirm the commands used are acceptable for your policies.
功能分析
Type: OpenClaw Skill
Name: os-update-checker
Version: 1.2.1
The os-update-checker skill is a well-structured, read-only utility for monitoring package updates across multiple platforms (apt, dnf, pacman, brew, npm, etc.). The code in scripts/check_updates.py follows security best practices by using subprocess.run with shell=False and validating all package names against strict regex patterns before execution. The only network activity is a legitimate request to the official npm registry (registry.npmjs.org) to fetch metadata for global packages, and the SKILL.md instructions contain no evidence of prompt injection or malicious directives.
能力评估
Purpose & Capability
Name/description match the provided code and SKILL.md. The included Python script implements discovery of package managers, listing upgradable packages, fetching changelogs, and classifying risk — which is exactly the stated purpose. There are no unexpected credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md and the script are consistent about using read-only package manager commands and fetching changelogs. However, fetching changelogs (apt via apt changelog, npm registry via HTTPS) will perform outbound network requests and therefore may disclose the list of packages (or package names) to upstream servers. This behavior is documented in SKILL.md but is the primary privacy/network surface to be aware of.
Install Mechanism
There is no install spec (instruction-only skill) and the code is bundled in the skill. Nothing in the manifest downloads or executes external archives or adds persistent binaries. Risk from the install mechanism is low.
Credentials
The skill requests no environment variables or credentials, which is proportionate. It does perform network I/O (apt changelog, npm registry via urllib), which is reasonable for changelog fetching but could expose package names to remote endpoints. No elevated privileges are requested in metadata, but some package manager commands may behave differently when run as root vs unprivileged user.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify agent/system configuration. It simply runs read-only commands at invocation time.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install os-update-checker - 安装完成后,直接呼叫该 Skill 的名称或使用
/os-update-checker触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.1
## os-update-checker 1.2.1
- Updated README.md for clearer documentation.
- No changes to functionality or code; documentation only.
v1.2.0
Add npm global packages backend: NpmBackend uses npm outdated -g --json, detect_backends() runs OS + npm in a single pass, registry metadata via stdlib urllib.request
v1.1.0
Cross-platform support: apt, dnf, yum, pacman, zypper, apk, brew. Pluggable backend architecture with per-backend name sanitization. VirusTotal-clean: shell=False, specific exceptions, full type hints and docstrings.
v1.0.1
VirusTotal hardening: removed unused imports, package name allowlist validation, split exception handlers, explicit shell=False comments, complete docstrings on all functions
v1.0.0
Initial release: apt update checker with per-package changelog summaries and risk classification
元数据
常见问题
Os Update Checker 是什么?
Check for available OS package updates with per-package changelog summaries and risk classification. Supports apt (Debian/Ubuntu), dnf (Fedora/RHEL), yum (Ce... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 357 次。
如何安装 Os Update Checker?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install os-update-checker」即可一键安装,无需额外配置。
Os Update Checker 是免费的吗?
是的,Os Update Checker 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Os Update Checker 支持哪些平台?
Os Update Checker 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Os Update Checker?
由 Paul Frederiksen(@pfrederiksen)开发并维护,当前版本 v1.2.1。
推荐 Skills