aiwithabidi

Smart Auto-Updater Pro

Author aiwithabidi · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 718
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install smart-updater-pro
Description
OpenClaw auto-update checker and safe applier. Checks for new versions, compares changelogs, and applies updates with rollback safety. Designed to run as a c...
Security usage recommendations
This skill contains a runnable updater script that will fetch tags, checkout releases, install dependencies, build, and restart services with Docker. Before installing or enabling it:
  1. Verify provenance — confirm the author and homepage are trustworthy and match the repository used.
  2. Inspect and test the script in an isolated environment (staging VM or container) — run it in check-only (--json) mode first.
  3. Ensure required binaries are present and safe: python3, docker (and docker compose), and pnpm or npm — the skill's metadata only lists git but the script needs more.
  4. Do not run the script as root on production hosts until you've validated rollback and health checks; it will modify running services.
  5. Update the manifest to declare missing runtime requirements (python3, docker, pnpm/npm) and document the privilege/network expectations.
If the author can provide an official repository URL (GitHub releases or similar) and update the metadata to list all runtime binaries and intended filesystem paths, the assessment could move from 'suspicious' toward 'benign'.
Functional analysis
Type: OpenClaw Skill
Name: smart-updater-pro
Version: 1.0.0
The `scripts/check_update.sh` skill performs powerful system-level modifications, including `git checkout`, `pnpm install`, `pnpm build`, `docker build`, and `docker compose up -d` on the `/host/openclaw` directory. While these actions are necessary for an auto-updater, they introduce a significant supply chain vulnerability. If the upstream OpenClaw repository were compromised, this script would pull and execute malicious code from the untrusted source, leading to potential Remote Code Execution (RCE) and system compromise. The script itself does not contain explicit malicious payloads, data exfiltration, or obfuscation, and its actions are transparently documented in `SKILL.md`. However, the critical risk of executing unverified code from an external source warrants a 'suspicious' classification due to the inherent vulnerability.
Capability assessment
Purpose & Capability
The skill claims to be an OpenClaw updater and the script indeed performs fetch/checkout/build/deploy of the OpenClaw repo, which is coherent. However the declared requirements list only 'git' while the script also depends on python3, docker/docker-compose, and pnpm or npm — those missing declarations are a capability/requirement mismatch.
Instruction Scope
SKILL.md and the script instruct the agent to operate directly on a host repository path (default /host/openclaw), perform git checkouts, rebuild images, and bring services up with docker compose. This legitimately touches system-level files and services but is broader than what's declared (no mention of docker or python). The script will modify running services and requires host Docker access; the cron examples also reference root paths which increases potential impact.
Install Mechanism
There is no install spec (instruction-only plus an included script), which minimizes installer risk because nothing is fetched during skill install. However the runtime operations (git fetch, docker build, pnpm/npm install, python3 usage) will perform network and disk activity at execution time — these are normal for an updater but should be noted.
Credentials
The skill declares no required environment variables, but the script reads OPENCLAW_REPO (with a default) and assumes access to host filesystem and Docker. Not explicitly declaring dependence on docker, pnpm/npm, or python3 (or documenting required privilege level) is disproportionate and may mislead users about what the skill needs.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. Autonomous invocation is allowed (platform default) but not combined with other high-privilege requests in the manifest. The script itself performs privileged actions at runtime if the agent runs it on a host with Docker access.
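How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install smart-updater-pro
  3. Once installation completes, invoke the Skill by name or trigger it with /smart-updater-pro
  4. Provide the required inputs according to the Skill's parameter description to get structured output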
Version history
v1.0.0
auto-updater 1.0.0 — Initial Release
- Introduces automated update checking and application for OpenClaw, with rollback safety.
- Compares current and latest versions via git tags and displays changelogs before applying updates.
- Supports both manual and cron-based operation with JSON output mode for automation.
- Ensures safe update process: verifies gateway status, preserves rollback version, and never force-pushes.
- Provides clear rollback instructions in case of a failed update.
Metadata
Slug smart-updater-pro
Version 1.0.0
License
Total installs 0
Current installs 0
Historical versions 1
FAQ

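What is Smart Auto-Updater Pro?

OpenClaw auto-update checker and safe applier. Checks for new versions, compares changelogs, and applies updates with rollback safety. Designed to run as a c... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 718 total downloads to date.

How do I install Smart Auto-Updater Pro?

Run the command "/install smart-updater-pro" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Smart Auto-Updater Pro free?

Yes, Smart Auto-Updater Pro is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Smart Auto-Updater Pro support?

Smart Auto-Updater Pro runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Smart Auto-Updater Pro?

It is developed and maintained by aiwithabidi (@aiwithabidi); the current version is v1.0.0.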
