← 返回 Skills 市场
378
总下载
1
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install self-updater
功能描述
⭐ OPEN SOURCE! GitHub: github.com/GhostDragon124/openclaw-self-updater ⭐ ONLY skill with Cron-aware + Idle detection! Auto-updates OpenClaw core & skills, an...
安全使用建议
Proceed cautiously. The skill's documentation refers to running a PowerShell updater script and reading your cron/config files — behaviors that could affect your gateway and may read sensitive command lines from cron. Before installing or running this updater: 1) Inspect the actual scripts (scripts/self-updater.ps1 and any code) in the GitHub repo or ClawHub package — do not run the updater blind. 2) Confirm why npm is required and whether any Node packages will be downloaded/executed. 3) Verify the skill's OS requirements (it claims Windows for idle detection) match your environment. 4) If you plan unattended updates, avoid giving AutoApprove until you trust the code; require manual approval for high-risk updates. 5) If you provide notification tokens (Telegram/Feishu), prefer using tokens/accounts with limited scope. Additional information that would raise confidence: the actual script files included in the package for review, a clear justification for npm, and matching registry metadata (required binaries and OS) that align with the SKILL.md.
功能分析
Type: OpenClaw Skill
Name: self-updater
Version: 1.4.2
The skill bundle describes a 'self-updater' with high-risk capabilities, including updating the OpenClaw core, restarting services, and executing PowerShell scripts with 'ExecutionPolicy Bypass'. It requests sensitive environment variables (TELEGRAM_BOT_TOKEN, FEISHU_APP_ID/SECRET) and reads local configuration files (~/.openclaw/openclaw.json). While these actions are aligned with the stated purpose of a maintenance utility, the inherent risk of a self-modifying tool combined with an anomalous future timestamp in _meta.json (March 2026) warrants a suspicious classification. The actual logic in scripts/self-updater.ps1 was not provided for verification.
能力评估
Purpose & Capability
The stated purpose (cron-aware, idle detection, updating core and skills) is plausible and aligns with reading ~/.openclaw/cron/jobs.json and ~/.openclaw/openclaw.json. However the registry metadata says 'no required binaries' while SKILL.md lists pwsh, npm, and clawhub — that mismatch is unexplained. The SKILL.md also says Windows is required for idle detection, but the registry imposes no OS restriction. These inconsistencies reduce confidence that requirements are accurate and minimal.
Instruction Scope
SKILL.md instructs running a PowerShell script (scripts/self-updater.ps1) and reading ~/.openclaw/cron/jobs.json and ~/.openclaw/openclaw.json. Reading cron/job files is reasonable for 'cron-aware' behavior, but cron entries often contain arbitrary commands and sensitive data — so reading them is potentially sensitive even if needed. The runtime instructions refer to a script path that is not included in the package; it's unclear whether the agent will fetch and execute remote code. Any updater that restarts the gateway or runs arbitrary install commands should be inspected before execution.
Install Mechanism
There is no install spec and no code files in the registry copy (instruction-only), so nothing will be written to disk by the registry package itself. That minimizes immediate install-time risk. The Quick Start expects executing a local PowerShell script, but that script is absent from the included files — meaning the user/agent would need to obtain it from the referenced GitHub/ClawHub, which is an additional step outside this package.
Credentials
Optional environment variables for notifications (TELEGRAM_BOT_TOKEN, FEISHU_APP_ID, FEISHU_APP_SECRET) are reasonable for a notifier. However SKILL.md's assertation 'only reads gateway.port' conflicts with its own instruction to read cron jobs (which may contain commands/credentials). Also npm is listed as required without clear justification beyond possible dependency management — that could be unnecessary depending on implementation.
Persistence & Privilege
The skill does not declare always:true and is user-invocable. It allows autonomous invocation (the platform default) but does not request unusual persistent privileges or modify other skills according to the metadata provided.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install self-updater - 安装完成后,直接呼叫该 Skill 的名称或使用
/self-updater触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.4.2
- Added metadata: repository, homepage, required_binaries, and optional_envs for better documentation and integration.
- Listed PowerShell, npm, and clawhub as required binaries.
- Documented optional environment variables for Telegram and Feishu notifications.
- Clarified requirements section and specified that only the gateway port is read from config.
- No code changes, only SKILL.md updated for improved clarity and completeness.
v1.4.1
- Risk level thresholds in the AI Risk Assessment have been adjusted for greater precision.
- Medium risk now allows auto-update with a warning, instead of just a warning.
- Score boundaries for Low, Medium, and High risk levels updated for clearer user experience.
v1.4.0
- Added a README.md file for clearer project overview.
- Marked the skill as open source and included the GitHub repository link in the description.
v1.3.1
- Updated SKILL.md with a more concise, marketing-focused description and reorganized feature highlights.
- Added a comparison table to showcase advantages over other updaters.
- Summarized key parameters and requirements for quick reference.
- Improved layout: grouped user scenarios, usage examples, and included a use cases section.
- No functional changes to the updater; update is documentation/metadata only.
v1.3.0
- Adds user approval step for High-risk updates, pausing to request confirmation before proceeding
- Introduces `-AutoApprove` parameter to allow skipping approval (for automated or scheduled runs)
- Refines AI impact assessment: High-risk updates now require explicit user approval; Medium risk triggers warning but auto-updates
- Notification messages are now more concise with clear pre-update and post-update summaries
- Updates documentation to reflect new approval flow and parameter changes
v1.2.0
Self Updater 1.2.0 introduces AI-powered risk assessment and smart notifications.
- Added AI Impact Assessment to evaluate update risk and classify as low, medium, or high.
- Introduced Smart Notification: auto-detects Telegram/Feishu channels and sends update reports and risk.
- New parameter: -NoNotify to skip sending notifications.
- Description and documentation updated to reflect new features.
- No code or logic for update mechanics changed.
v1.1.0
Version 1.1.0
- Now supports updating both OpenClaw core and installed skills
- Added parameter `-UpdateSkillsOnly` to update skills without updating the core
- Documentation improved to reflect skill update process and usage
- Requirements updated to include clawhub CLI
v1.0.0
Initial release of the self-updater skill for OpenClaw.
- Automatically checks for updates and schedules them intelligently to avoid active user or cron task windows.
- Reads and analyzes cron schedules to pick optimal update times.
- Detects and uses the correct gateway port from configuration files.
- Monitors gateway health via HTTP checks and restarts gateway smoothly after updates.
- Supports dry-run, smart timing, quiet/scheduled operation, and semver-based version comparison.
元数据
常见问题
Self Updater 是什么?
⭐ OPEN SOURCE! GitHub: github.com/GhostDragon124/openclaw-self-updater ⭐ ONLY skill with Cron-aware + Idle detection! Auto-updates OpenClaw core & skills, an... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 378 次。
如何安装 Self Updater?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install self-updater」即可一键安装,无需额外配置。
Self Updater 是免费的吗?
是的,Self Updater 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Self Updater 支持哪些平台?
Self Updater 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Self Updater?
由 James F(@ghostdragon124)开发并维护,当前版本 v1.4.2。
推荐 Skills