功能描述

Smart auto-updater with AI-powered impact assessment. Checks updates, analyzes changes, evaluates system impact, and decides whether to auto-update or just report. Perfect for hands-off maintenance with safety guarantees.

使用说明 (SKILL.md)

Smart Auto-Updater

Name: Smart Auto Updater
Author: ruiwang20010702

AI-powered auto-updater that intelligently decides whether to update based on impact assessment. Safe, intelligent, and configurable.

What it does

1. Check Phase

Checks for OpenClaw updates
Checks for skill updates via ClawHub
Fetches changelog and diff

2. AI Analysis Phase

Analyzes changes using LLM
Evaluates system impact (架构/性能/兼容性)
Classifies risk level (HIGH/MEDIUM/LOW)

3. Decision Phase

Risk Level	Action
HIGH	Skip update, send detailed report
MEDIUM	Skip update, send warning + report
LOW	Auto-update, send summary

4. Report Phase

Generates readable update report
Includes risk assessment
Provides upgrade recommendations

Quick Start

Basic usage

# Run smart update check
openclaw sessions spawn \
  --agentId smart-auto-updater \
  --message "Run smart update check"

With custom parameters

openclaw sessions spawn \
  --agentId smart-auto-updater \
  --message "Check updates with custom settings: auto-update LOW risk, report MEDIUM risk"

Configuration

Environment Variables

# AI Model (optional, defaults to configured model)
export SMART_UPDATER_MODEL="minimax-portal/MiniMax-M2.1"

# Auto-update threshold (default: LOW)
# Options: NONE (report only), LOW, MEDIUM
export SMART_UPDATER_AUTO_UPDATE="LOW"

# Risk tolerance (default: MEDIUM)
# HIGH: Only auto-update LOW risk
# MEDIUM: Auto-update LOW + MEDIUM risk
# LOW: Auto-update all
export SMART_UPDATER_RISK_TOLERANCE="MEDIUM"

# Report level (default: detailed)
# Options: brief, detailed, full
export SMART_UPDATER_REPORT_LEVEL="detailed"

Report Format

High Risk Report

🔴 Smart Auto-Updater Report

Update Available: v1.2.3 → v1.3.0

⚠️ Risk Level: HIGH

📋 Changes Summary:
- Breaking API changes detected
- Database migration required
- 3 files modified

🏗️ Impact Assessment:
- Architecture: MAJOR changes to core components
- Performance: Potential impact on startup time
- Compatibility: Breaks backward compatibility

🚫 Decision: SKIPPED

💡 Recommendations:
1. Review changelog manually
2. Test in staging environment
3. Schedule maintenance window

🗓️ Next Check: 24 hours

Low Risk Auto-Update

🟢 Smart Auto-Updater Report

Updated: v1.2.3 → v1.2.4

✅ Risk Level: LOW

📋 Changes:
- Bug fixes (2)
- Performance improvements (1)

🏗️ Impact Assessment:
- Architecture: No changes
- Performance: Minor improvement
- Compatibility: Fully compatible

✅ Decision: AUTO-UPDATED

📊 Summary:
- OpenClaw: v1.2.3 → v1.2.4
- Skills updated: 2
- Skills unchanged: 15
- Errors: none

⏱️ Next Check: 24 hours

Architecture

┌──────────────────┐
│  Trigger (Cron)  │
└────────┬─────────┘
         │
         ▼
┌──────────────────┐
│  Check Updates    │ ← clawhub update --dry-run
└────────┬─────────┘
         │
         ▼
┌──────────────────┐
│  AI Analysis     │ ← Analyze changes, assess risk
└────────┬─────────┘
         │
    ┌────┴────┐
    │         │
    ▼         ▼
┌───────┐  ┌───────┐
│ HIGH  │  │ MEDIUM│
│ Skip  │  │ Skip  │
└───┬───┘  └───┬───┘
    │          │
    ▼          ▼
┌───────┐  ┌───────┐
│ LOW   │  │ Report│
│ Update│  │ Only  │
└───┬───┘  └───────┘
    │          │
    └────┬─────┘
         │
         ▼
┌──────────────────┐
│  Generate Report  │ ← Send summary
└──────────────────┘

Safety Features

Dry Run First - Always check before acting
Risk Classification - AI-powered impact assessment
Configurable Thresholds - Set your own risk tolerance
Detailed Logging - Every decision is logged
Manual Override - Always can review before updating

Troubleshooting

Updates keep being skipped

Check risk tolerance setting
Verify AI model is available
Review changelog manually

False positives (too many HIGH risk)

Lower risk tolerance
Check AI model prompts
Review specific change patterns

Reports not being delivered

Verify delivery channel configuration
Check gateway status
Review session configuration

References

references/risk-assessment.md → AI risk assessment methodology
references/report-templates.md → Report format examples
references/integration.md → Integration with cron/jobs

安全使用建议

What to consider before installing/using: - Trust & provenance: The skill has no source/homepage and no code files — treat it like opaque instructions. Prefer skills with a verifiable repository and maintainer. - Config & secrets: The docs reference many environment variables and webhook URLs (feishu/slack/discord) but the metadata declares none. Before enabling, ensure you control any webhook endpoints the skill will use and avoid putting sensitive credentials into untrusted agents. - Persistence: The skill can create cron jobs and auto-apply updates (including OpenClaw/core skills). If you enable auto-update, start with conservative settings (AUTO_UPDATE=NONE or LOW risk tolerance) and run in dry-run mode first. - Least privilege testing: Run the skill in an isolated or staging environment first. Inspect any created files (~/.config/smart-auto-updater.env, ~/.logs/smart-auto-updater.log) and review scheduled crons (openclaw cron list or system cron) before allowing it to run in production. - Auditability: Because the skill will fetch changelogs and may send reports externally, ensure logs and report destinations are monitored for unexpected content or destinations. Things that would change this assessment: presence of a public source repo or installable package that shows exact commands run, explicit declaration of required env vars/credentials in the metadata, or code files showing no unexpected network/file operations. Without that, the metadata/instructions mismatch (config files and webhooks referenced but not declared) makes the package suspicious.

功能分析

Type: OpenClaw Skill Name: smart-auto-updater Version: 1.0.0 The skill bundle describes a 'Smart Auto-Updater' designed to check for updates, analyze changes using an LLM, assess risk, and decide whether to auto-update or report. All files, including `SKILL.md` and the AI prompts in `references/risk-assessment.md`, clearly define the agent's role and tasks, focusing on update assessment and reporting. While the skill involves powerful actions like auto-updating and sending reports to external webhooks (e.g., Feishu, Slack, Discord as configured in `references/integration.md`), these capabilities are explicitly stated, aligned with the skill's purpose, and include safety features like configurable risk thresholds. There is no evidence of intentional harmful behavior, data exfiltration of sensitive information, malicious execution, or prompt injection attempts to subvert the agent's intended function.

能力评估

ℹ Purpose & Capability

The name/description align with the instructions: checking OpenClaw and ClawHub updates, analyzing changelogs with an LLM, classifying risk, and deciding whether to apply updates is coherent with an 'auto-updater' skill. Requesting no required binaries or credentials in metadata is plausible for an instruction-only skill that expects the platform's openclaw CLI and agent runtime to already provide access.

⚠ Instruction Scope

SKILL.md and references instruct the agent to read/write local config (~/.config/smart-auto-updater.env), write logs (~/.logs/smart-auto-updater.log), add cron jobs (openclaw cron add), and deliver reports to external channels. Those file paths and operational behaviors are not declared in the skill metadata. The instructions also refer to webhook environment variables and gateway status checks — the skill therefore reads and transmits system update state and may send data externally, which is broader than the declared surface.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no code files to write/execute; that lowers install-time risk. There is no download or archive extraction described in the package metadata.

⚠ Credentials

The metadata declares no required env vars, but the documentation references many optional environment variables (AI model, auto-update thresholds, SMART_UPDATER_*), webhook URLs (FEISHU/SLACK/DISCORD), logging paths, and channel settings. Because these variables control where reports are sent and whether auto-updates occur, the absence of declared required credentials means the skill's external communication surfaces and secret requirements are under-specified and should be verified before use.

ℹ Persistence & Privilege

always is false (good), but the skill explicitly instructs creating recurring cron jobs and performing autonomous updates of OpenClaw/skills. Scheduling recurring sessions and enabling auto-update (even only for LOW risk by default) gives it persistent, recurring capability to act on the system. That's consistent with an updater but increases the risk if the skill is untrusted or misconfigured.

版本历史

v1.0.0

smart-auto-updater 1.0.0 - Initial release of smart-auto-updater with AI-powered impact assessment. - Automatically checks for updates, fetches changelogs, and analyzes risks (architecture, performance, compatibility) using LLMs. - Classifies updates as HIGH, MEDIUM, or LOW risk and takes action (auto-update, skip, or report) accordingly. - Provides detailed, configurable reports and upgrade recommendations after each run. - Supports customizable environment variables for AI model, update thresholds, risk tolerance, and report detail level. - Includes robust safety features such as dry run checking, manual override, and detailed logging.

元数据

Slug smart-auto-updater

版本 1.0.0

许可证 —

累计安装 22

当前安装数 22

历史版本数 1

常见问题