Requirements
- Target platform: OpenClaw
- Install method: Manual import
- Extraction: Extract archive
- Prerequisites: OpenClaw
- Primary doc: SKILL.md
Automated Linux server patching and Docker container updates. Use when the user asks to update, patch, or upgrade Linux servers, apply security updates, update Docker containers, check for system updates, or manage server maintenance across multiple hosts. Supports Ubuntu, Debian, RHEL, AlmaLinux, Rocky Linux, CentOS, Amazon Linux, and SUSE. Includes PatchMon integration for automatic host detection and intelligent Docker handling.
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
Automate Linux server patching and Docker container updates across multiple hosts via SSH.
Fully Tested:
- ✅ Ubuntu - Tested end-to-end with real infrastructure

Supported but Untested:
- ⚠️ Debian GNU/Linux - Commands based on official documentation
- ⚠️ Amazon Linux - Supports both AL2 (yum) and AL2023 (dnf)
- ⚠️ RHEL (Red Hat Enterprise Linux) - Supports RHEL 7 (yum) and 8+ (dnf)
- ⚠️ AlmaLinux - RHEL-compatible, uses dnf
- ⚠️ Rocky Linux - RHEL-compatible, uses dnf
- ⚠️ CentOS - Supports CentOS 7 (yum) and 8+ (dnf)
- ⚠️ SUSE/OpenSUSE - Uses zypper package manager

Testing Recommendation: Always test untested distributions in a non-production environment first. The script will warn you when running on untested distributions.
This skill requires:
- Passwordless sudo access - Configured with restricted permissions
- SSH key authentication - No passwords stored or transmitted
- PatchMon credentials - Stored securely in the user's home directory

Read SETUP.md for the complete security configuration guide.
Patch all hosts from PatchMon (automatic detection):

```bash
scripts/patch-auto.sh
```

Skip Docker updates (packages only):

```bash
scripts/patch-auto.sh --skip-docker
```

Preview changes (dry-run):

```bash
scripts/patch-auto.sh --dry-run
```
Single host - packages only:

```bash
scripts/patch-host-only.sh user@hostname
```

Single host - full update:

```bash
scripts/patch-host-full.sh user@hostname /path/to/docker/compose
```

Multiple hosts from config:

```bash
scripts/patch-multiple.sh config-file.conf
```
- PatchMon integration - Automatically detects hosts needing updates
- Smart Docker detection - Auto-detects Docker and Compose paths
- Selective updates - Skip Docker updates with the --skip-docker flag
- Passwordless sudo required - Configure with visudo or /etc/sudoers.d/ files
- SSH key authentication - No password prompts
- Parallel execution - Update multiple hosts simultaneously
- Dry-run mode - Preview changes without applying
- Manual override - Run updates on specific hosts without PatchMon
Configure PatchMon credentials for automatic host detection:

```bash
cp scripts/patchmon-credentials.example.conf ~/.patchmon-credentials.conf
nano ~/.patchmon-credentials.conf
```

Set your credentials:

```
PATCHMON_URL=https://patchmon.example.com
PATCHMON_USERNAME=your-username
PATCHMON_PASSWORD=your-password
```

Then simply run:

```bash
scripts/patch-auto.sh
```

The script will:
1. Query PatchMon for hosts needing updates
2. Auto-detect Docker on each host
3. Apply appropriate updates (host-only or full)
Run scripts directly with command-line arguments (no config file needed).
Create a config file based on scripts/patch-hosts-config.example.sh:

```bash
cp scripts/patch-hosts-config.example.sh my-servers.conf
nano my-servers.conf
```

Example config:

```bash
# Host definitions: hostname,ssh_user,docker_path
HOSTS=(
  "webserver.example.com,ubuntu,/opt/docker"
  "database.example.com,root,/home/admin/compose"
  "monitor.example.com,docker,/srv/monitoring"
)

# Update mode: "host-only" or "full"
UPDATE_MODE="full"

# Dry run mode (set to "false" to apply changes)
DRY_RUN="true"
```

Then run:

```bash
scripts/patch-multiple.sh my-servers.conf
```
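Reading that config format in a script of your own, as an added example that is not the skill's own patch-multiple.sh: it parses each HOSTS entry, maps UPDATE_MODE to the per-host scripts documented above, and honours DRY_RUN by printing the plan instead of running it. The function names, the root-level demo flag and the constructed sample config are assumptions, not part of the skill.

```bash
#!/usr/bin/env bash
# Added example (not the skill's own code): plan per-host commands from a
# patch-hosts-config style file.
set -euo pipefail

# Build the command for one "hostname,ssh_user,docker_path" entry.
# $1 = entry, $2 = update mode ("host-only" or "full")
plan_host() {
    local entry="$1" mode="$2"
    local host user docker_path
    IFS=',' read -r host user docker_path <<< "$entry"
    if [ -z "$host" ] || [ -z "$user" ]; then
        echo "malformed entry: '$entry'" >&2
        return 1
    fi
    case "$mode" in
        host-only) echo "scripts/patch-host-only.sh ${user}@${host}" ;;
        full)
            if [ -z "$docker_path" ]; then
                echo "entry '$entry' has no docker_path but UPDATE_MODE=full" >&2
                return 1
            fi
            echo "scripts/patch-host-full.sh ${user}@${host} ${docker_path}" ;;
        *) echo "unknown UPDATE_MODE '$mode'" >&2; return 1 ;;
    esac
}

# Source a config file and either print each planned command (DRY_RUN=true)
# or run it. The config's assignments land in this function's locals.
run_config() {
    local config="$1"
    local HOSTS=() UPDATE_MODE="host-only" DRY_RUN="true"
    # shellcheck disable=SC1090
    . "$config"
    local entry cmd
    for entry in "${HOSTS[@]}"; do
        cmd=$(plan_host "$entry" "$UPDATE_MODE") || return 1
        if [ "$DRY_RUN" = "true" ]; then
            echo "[dry-run] $cmd"
        else
            $cmd   # paths without spaces assumed, as in the example config
        fi
    done
}

# Write a constructed sample config and print its path (for the demo/test).
write_sample_config() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Constructed sample in the patch-hosts-config format
HOSTS=(
  "webserver.example.com,ubuntu,/opt/docker"
  "database.example.com,root,/home/admin/compose"
  "monitor.example.com,docker,/srv/monitoring"
)
UPDATE_MODE="full"
DRY_RUN="true"
EOF
    echo "$f"
}

# Offline demo: ./plan.sh --demo
if [ "${1:-}" = "--demo" ]; then
    cfg=$(write_sample_config)
    run_config "$cfg"
    rm -f "$cfg"
fi
```

Because DRY_RUN defaults to true inside run_config, a config that forgets to set it produces a plan rather than live changes, which matches the example config's own default.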
- OpenClaw installed and running
- SSH client installed (ssh command available)
- Bash 4.0 or higher
- curl installed (for the PatchMon API)
- jq installed (for JSON parsing)
- PatchMon installed (required to check which hosts need updating)
  - Does NOT need to be on the OpenClaw host
  - Can be installed on any server accessible via HTTPS
  - Download: https://github.com/PatchMon/PatchMon

Install missing tools:

```bash
# Ubuntu/Debian
sudo apt install curl jq

# RHEL/CentOS/Rocky/Alma
sudo dnf install curl jq

# macOS
brew install curl jq
```
- SSH server running and accessible
- SSH key authentication configured (passwordless login)
- Passwordless sudo configured for patching commands (see SETUP.md)
- Docker installed (optional, only for full updates)
- Docker Compose installed (optional, only for full updates)
- PatchMon agent installed and reporting (optional but recommended)
PatchMon is required to automatically detect which hosts need patching.

Important: PatchMon does NOT need to be installed on the same server as OpenClaw. Install PatchMon on a separate server (it can be any server on your network), and OpenClaw will query it via its API.

Download PatchMon:
- GitHub: https://github.com/PatchMon/PatchMon
- Documentation: https://docs.patchmon.net

What you need:
- PatchMon server installed on ANY accessible server (not necessarily the OpenClaw host)
- PatchMon agents installed on all target hosts you want to patch
- PatchMon API credentials (username/password)
- Network connectivity from the OpenClaw host to the PatchMon server (HTTPS)

Architecture:

```
┌─────────────────┐    HTTPS API      ┌─────────────────┐
│ OpenClaw Host   │ ────────────────> │ PatchMon Server │
│ (this machine)  │  Query updates    │ (separate host) │
└─────────────────┘                   └─────────────────┘
                                               │
                                               │ Reports
                                               ▼
                                      ┌─────────────────┐
                                      │  Target Hosts   │
                                      │  (with agents)  │
                                      └─────────────────┘
```

Quick Start:
1. Install the PatchMon server on a separate server (see the GitHub repo)
2. Install PatchMon agents on all hosts you want to patch
3. Configure OpenClaw to access the PatchMon API:

```bash
cp scripts/patchmon-credentials.example.conf ~/.patchmon-credentials.conf
nano ~/.patchmon-credentials.conf  # Set PatchMon server URL
chmod 600 ~/.patchmon-credentials.conf
```

Detailed setup: See references/patchmon-setup.md for the complete installation guide.

Can I use this skill without PatchMon? Yes! You can use manual mode to target specific hosts without PatchMon. However, automatic detection of hosts needing updates requires PatchMon.
Required:
- SSH server running
- Passwordless sudo for the SSH user (for apt and docker commands)
- PatchMon agent installed and reporting (for automatic mode)

For full updates:
- Docker and Docker Compose installed
- Docker Compose files exist at the specified paths
On each target host, create /etc/sudoers.d/patches:

```
# For Ubuntu/Debian systems
username ALL=(ALL) NOPASSWD: /usr/bin/apt, /usr/bin/docker

# For RHEL/CentOS systems
username ALL=(ALL) NOPASSWD: /usr/bin/yum, /usr/bin/docker, /usr/bin/dnf
```

Replace username with your SSH user. Test with sudo -l to verify.
Updates system packages only:
- Runs apt update && apt upgrade (or yum update on RHEL)
- Removes unused packages (apt autoremove)
- Does NOT touch Docker containers

When to use:
- Hosts without Docker
- Security patches only
- Minimal downtime required
Complete update cycle:
- Updates system packages
- Cleans the Docker cache (docker system prune)
- Pulls the latest Docker images
- Recreates containers with the new images
- Causes a brief service interruption

When to use:
- Docker-based infrastructure
- Regular maintenance windows
- Application updates available
1. Query PatchMon - Fetch hosts needing updates via the API
2. For each host:
   - SSH into the host
   - Check if Docker is installed
   - Auto-detect the Docker Compose path (if not specified)
   - Apply a host-only OR full update based on Docker detection
3. Report results - Summary of successful/failed updates
1. SSH into the target host
2. Run sudo apt update
3. Run sudo apt -y upgrade
4. Run sudo apt -y autoremove
5. Report results
1. SSH into the target host
2. Run sudo apt update && upgrade && autoremove
3. Navigate to the Docker Compose directory
4. Run sudo docker system prune -af (cleanup)
5. Pull all Docker images listed in the compose file: run sudo docker compose pull
6. Run sudo docker compose up -d (recreate containers)
7. Report results
When using automatic mode:
- Docker installed + compose file found → Full update
- Docker installed + no compose file → Host-only update
- Docker not installed → Host-only update
- --skip-docker flag set → Host-only update (ignores Docker)
When the Docker path is not specified, the script checks these locations:
- /home/$USER/Docker/docker-compose.yml
- /opt/docker/docker-compose.yml
- /srv/docker/docker-compose.yml
- $HOME/Docker/docker-compose.yml
- Current directory

Override auto-detection:

```bash
scripts/patch-host-full.sh user@host /custom/path
```
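The decision rules and the compose-path search above, written as testable shell functions. This is an added example, not the skill's own scripts: the function names, the root-prefix parameter (so the search can run offline against a constructed directory tree) and the illustrative plan_remote wrapper are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not the skill's own code): automatic-mode decision logic.
set -euo pipefail

# Search the documented compose locations, in order, under a root prefix.
# $1 = root prefix ("" on a real host), $2 = login user.
# Prints the first match and exits 0; exits 1 when none is found.
find_compose_path() {
    local root="$1" user="$2" candidate
    for candidate in \
        "$root/home/$user/Docker/docker-compose.yml" \
        "$root/opt/docker/docker-compose.yml" \
        "$root/srv/docker/docker-compose.yml" \
        "$root$HOME/Docker/docker-compose.yml" \
        "$root$PWD/docker-compose.yml"; do
        [ -f "$candidate" ] && { echo "$candidate"; return 0; }
    done
    return 1
}

# Apply the four rules from the text.
# $1 = docker installed ("yes"/"no"), $2 = compose path or "",
# $3 = --skip-docker given ("yes"/"no"). Prints "full" or "host-only".
decide_mode() {
    local docker="$1" compose="$2" skip="$3"
    if [ "$skip" = yes ]; then
        echo host-only          # flag wins, Docker state is ignored
        return
    fi
    if [ "$docker" = yes ] && [ -n "$compose" ]; then
        echo full
        return
    fi
    echo host-only              # no Docker, or Docker without a compose file
}

# Inspect a real host over key-based SSH (illustrative; not run offline).
# Ships find_compose_path to the remote side, which is assumed to run bash.
# $1 = user@host, $2 = "yes" if --skip-docker was requested.
plan_remote() {
    local target="$1" skip="${2:-no}" user="${1%%@*}" docker=no compose=""
    if ssh -o BatchMode=yes "$target" 'command -v docker >/dev/null 2>&1'; then
        docker=yes
        compose=$(ssh -o BatchMode=yes "$target" \
            "$(declare -f find_compose_path); find_compose_path '' '$user'" || true)
    fi
    decide_mode "$docker" "$compose" "$skip"
}

# Offline demo on a constructed tree: ./decide.sh --demo
if [ "${1:-}" = "--demo" ]; then
    root=$(mktemp -d)
    mkdir -p "$root/opt/docker"
    : > "$root/opt/docker/docker-compose.yml"
    compose=$(find_compose_path "$root" ubuntu)
    echo "compose file: $compose"
    echo "mode: $(decide_mode yes "$compose" no)"
    rm -rf "$root"
fi
```

The search order matters when more than one candidate exists: the per-user Docker directory is checked before /opt/docker, so a stale compose file in a home directory would be chosen over the system-wide one, which is a reason to pass the path explicitly in production configs.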
```bash
# First time: configure credentials
cp scripts/patchmon-credentials.example.conf ~/.patchmon-credentials.conf
nano ~/.patchmon-credentials.conf

# Run automatic updates
scripts/patch-auto.sh
```

```bash
# Preview what would be updated
scripts/patch-auto.sh --dry-run

# Review output, then apply
scripts/patch-auto.sh
```

```bash
# Update packages only, even if Docker is detected
scripts/patch-auto.sh --skip-docker
```
```bash
scripts/patch-host-only.sh admin@webserver.example.com
```

```bash
scripts/patch-host-full.sh docker@app.example.com /home/docker/production
```

```bash
scripts/patch-multiple.sh production-servers.conf
```
Simply ask OpenClaw:
- "Update my servers"
- "Patch all hosts that need updates"
- "Update packages only, skip Docker"

OpenClaw will use the automatic mode and report results.
"PatchMon credentials not found" Create credentials file: cp scripts/patchmon-credentials.example.conf ~/.patchmon-credentials.conf Edit with your PatchMon URL and credentials Or set PATCHMON_CONFIG environment variable to custom location "Failed to authenticate with PatchMon" Verify PatchMon URL is correct (without trailing slash) Check username and password Ensure PatchMon server is accessible: curl -k https://patchmon.example.com/api/health Check firewall rules "No hosts need updates" but PatchMon shows updates available Verify PatchMon agents are running on target hosts: systemctl status patchmon-agent Check agent reporting intervals: /etc/patchmon/config.yml Force agent update: patchmon-agent report
"Permission denied" on apt/docker commands Configure passwordless sudo (see Prerequisites section) Test with: ssh user@host sudo apt update "Connection refused" Verify SSH access: ssh user@host echo OK Check SSH keys are configured Verify hostname resolution Docker Compose not found Specify full path: scripts/patch-host-full.sh user@host /full/path Or install Docker Compose on target host Auto-detection searches: /home/user/Docker, /opt/docker, /srv/docker Containers fail to start after update Check logs: ssh user@host "docker logs container-name" Manually inspect: ssh user@host "cd /docker/path && docker compose logs" Rollback if needed: ssh user@host "cd /docker/path && docker compose down && docker compose up -d"
For dashboard monitoring and scheduled patching, see references/patchmon-setup.md. PatchMon provides:
- Web dashboard for update status
- Per-host package tracking
- Security update highlighting
- Update history
- Passwordless sudo is required for automation
  - Limit it to specific commands (apt, docker only); both apt and docker can invoke arbitrary commands as root, so the allow-list narrows the entry point rather than the privilege, and SSH key hygiene remains the real control
  - Use /etc/sudoers.d/ files (easier to manage)
- SSH keys should be protected
  - Use passphrase-protected keys when possible
  - Restrict key permissions: chmod 600 ~/.ssh/id_rsa
- Review updates before applying in production
  - Use dry-run mode first
  - Test on a staging environment
- Schedule updates during maintenance windows
  - Use OpenClaw cron jobs for automation
  - Coordinate with the team for Docker updates (brief downtime)
- Test first - Run dry-run mode before applying changes
- Stagger updates - Don't update all hosts simultaneously (avoid a full outage)
- Monitor logs - Check output for errors after updates
- Backup configs - Keep Docker Compose files in version control
- Schedule wisely - Update during low-traffic windows
- Document paths - Maintain config files for infrastructure
- Reboot when needed - Kernel updates require reboots (not automated)
The scripts do NOT automatically reboot hosts. After updates:
- Check if a reboot is required: ssh user@host "[ -f /var/run/reboot-required ] && echo YES || echo NO"
- Schedule manual reboots during maintenance windows
- Use the PatchMon dashboard to track reboot requirements
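A post-patch reboot check that covers both distribution families the skill supports, as an added example that is not part of the skill: the Debian/Ubuntu marker file from the one-liner above (plus the package list that update-notifier writes next to it), and needs-restarting from yum-utils/dnf-utils for the RHEL family. The function names and the root-prefix parameter, which lets the marker check run offline on a constructed tree, are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not the skill's own code): reboot-required checks.
set -euo pipefail

# Debian/Ubuntu: update-notifier-common creates /var/run/reboot-required and
# lists the responsible packages in /var/run/reboot-required.pkgs.
# $1 = root prefix ("" on a real host). Exit 0 and print the package list
# when a reboot is required; exit 1 otherwise.
debian_reboot_required() {
    local root="${1:-}"
    [ -f "$root/var/run/reboot-required" ] || return 1
    if [ -f "$root/var/run/reboot-required.pkgs" ]; then
        cat "$root/var/run/reboot-required.pkgs"
    fi
    return 0
}

# RHEL family: needs-restarting -r (yum-utils on 7, dnf-utils on 8+) exits 1
# when a reboot is required and 0 when it is not. Exit 2 if it is missing.
rhel_reboot_required() {
    if ! command -v needs-restarting >/dev/null 2>&1; then
        echo "needs-restarting not installed (yum-utils / dnf-utils)" >&2
        return 2
    fi
    if needs-restarting -r >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# YES/NO classification from the marker check, for checklist output.
marker_status() {
    if debian_reboot_required "$1" >/dev/null; then echo YES; else echo NO; fi
}

# Ask a real host over key-based SSH (assumed, as the skill requires) and
# print "host: YES|NO|UNREACHABLE". Not run in the offline demo.
remote_reboot_status() {
    local target="$1" answer
    answer=$(ssh -o BatchMode=yes "$target" '
        if [ -f /var/run/reboot-required ]; then echo YES
        elif command -v needs-restarting >/dev/null 2>&1; then
            needs-restarting -r >/dev/null 2>&1 && echo NO || echo YES
        else echo NO; fi') || answer=UNREACHABLE
    echo "$target: $answer"
}

# Offline demo on a constructed tree: ./reboot-check.sh --demo
if [ "${1:-}" = "--demo" ]; then
    root=$(mktemp -d)
    mkdir -p "$root/var/run"
    : > "$root/var/run/reboot-required"
    # constructed package list, not captured from a real host
    printf 'linux-image-generic\nlibc6\n' > "$root/var/run/reboot-required.pkgs"
    echo "reboot required on sample tree: $(marker_status "$root")"
    debian_reboot_required "$root"
    rm -rf "$root"
fi
```

Distinguishing UNREACHABLE from NO matters when this runs across many hosts: a host that dropped off the network after a kernel update would otherwise be recorded as not needing a reboot.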
Create a cron job for automatic nightly patching:

```bash
cron add --name "Nightly Server Patching" \
  --schedule "0 2 * * *" \
  --task "cd ~/.openclaw/workspace/skills/linux-patcher && scripts/patch-auto.sh"
```

Or packages-only mode:

```bash
cron add --name "Nightly Package Updates" \
  --schedule "0 2 * * *" \
  --task "cd ~/.openclaw/workspace/skills/linux-patcher && scripts/patch-auto.sh --skip-docker"
```
Simply ask OpenClaw in natural language:

Full updates (packages + Docker containers):
- "Update my servers" → Includes Docker by default
- "Patch all hosts that need updates"
- "Update all my infrastructure"

Packages only (exclude Docker):
- "Update my servers, excluding docker"
- "Update packages only, skip Docker"
- "Patch hosts without touching containers"

Query status:
- "What servers need patching?"
- "Show me hosts that need updates"

What happens automatically:

When you say "Update my servers":
- Queries PatchMon for hosts needing updates
- Detects Docker on each host
- Updates system packages
- Pulls Docker images and recreates containers (if Docker is detected)
- Reports results with success/failure count

When you say "Update my servers, excluding docker":
- Queries PatchMon for hosts needing updates
- Updates system packages only
- Skips all Docker operations (containers keep running)
- Reports results

Important: Docker updates are included by default for maximum automation. Use "excluding docker" to skip container updates.
Target individual hosts without querying PatchMon:
- "Update webserver.example.com"
- "Patch database.example.com packages only"
- "Update app.example.com with Docker"

OpenClaw will use the manual scripts for targeted updates.
This skill includes comprehensive documentation:
- SKILL.md (this file) - Overview and usage guide
- SETUP.md - Complete setup instructions with security best practices
- WORKFLOWS.md - Visual workflow diagrams for all modes
- references/patchmon-setup.md - PatchMon installation and integration

First time setup? Read SETUP.md first - it provides step-by-step instructions for secure configuration.

Want to understand the flow? Check WORKFLOWS.md for visual diagrams of how the skill operates.
| Distribution | Package Manager | Tested | Status |
|---|---|---|---|
| Ubuntu | apt | ✅ Yes | Fully supported |
| Debian | apt | ⚠️ No | Supported (untested) |
| Amazon Linux 2 | yum | ⚠️ No | Supported (untested) |
| Amazon Linux 2023 | dnf | ⚠️ No | Supported (untested) |
| RHEL 7 | yum | ⚠️ No | Supported (untested) |
| RHEL 8+ | dnf | ⚠️ No | Supported (untested) |
| AlmaLinux | dnf | ⚠️ No | Supported (untested) |
| Rocky Linux | dnf | ⚠️ No | Supported (untested) |
| CentOS 7 | yum | ⚠️ No | Supported (untested) |
| CentOS 8+ | dnf | ⚠️ No | Supported (untested) |
| SUSE/OpenSUSE | zypper | ⚠️ No | Supported (untested) |

The skill automatically detects the distribution and selects the appropriate package manager.
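The table above, turned into a detection routine that also produces the matching /etc/sudoers.d/patches line from the Prerequisites section. This is an added example and not the skill's own detection code: it reads ID and VERSION_ID from an os-release file (a path argument, so constructed samples can be fed in offline), maps them to apt/yum/dnf/zypper using the table's version splits, and prints the NOPASSWD line for the SSH user. Function names, the zypper sudoers line and the sample files are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not the skill's own code): distribution -> package manager
# -> sudoers line.
set -euo pipefail

# Print "id major" from an os-release file (values may be quoted or bare).
# $1 = path to os-release (normally /etc/os-release)
read_os_release() {
    local file="$1" id version
    id=$(sed -n 's/^ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$file")
    version=$(sed -n 's/^VERSION_ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$file")
    echo "$id ${version%%.*}"   # keep only the major version
}

# Map (id, major version) to the package manager in the table above.
# Exit 1 for distributions the skill does not list.
package_manager_for() {
    local id="$1" major="${2:-0}"
    case "$id" in
        ubuntu|debian)   echo apt ;;
        amzn)            [ "$major" -ge 2023 ] && echo dnf || echo yum ;;
        rhel|centos)     [ "$major" -ge 8 ] && echo dnf || echo yum ;;
        almalinux|rocky) echo dnf ;;
        opensuse*|sles)  echo zypper ;;
        *) echo "unsupported distribution: $id" >&2; return 1 ;;
    esac
}

# Build the /etc/sudoers.d/patches line for a user on this package manager.
# docker is included because full mode runs docker compose via sudo.
sudoers_line_for() {
    local user="$1" pm="$2" cmds
    case "$pm" in
        apt)    cmds="/usr/bin/apt, /usr/bin/docker" ;;
        yum)    cmds="/usr/bin/yum, /usr/bin/docker" ;;
        dnf)    cmds="/usr/bin/dnf, /usr/bin/yum, /usr/bin/docker" ;;
        zypper) cmds="/usr/bin/zypper, /usr/bin/docker" ;;   # assumed for SUSE
        *) echo "unknown package manager: $pm" >&2; return 1 ;;
    esac
    echo "$user ALL=(ALL) NOPASSWD: $cmds"
}

# End to end: $1 = os-release path, $2 = SSH user
sudoers_for_host() {
    local id major pm
    read -r id major <<< "$(read_os_release "$1")"
    pm=$(package_manager_for "$id" "$major")
    sudoers_line_for "$2" "$pm"
}

# Write a constructed os-release sample and print its path (demo/test only).
# $1 = ID value, $2 = VERSION_ID value
write_sample_os_release() {
    local f
    f=$(mktemp)
    printf 'NAME="constructed sample"\nID=%s\nVERSION_ID="%s"\n' "$1" "$2" > "$f"
    echo "$f"
}

# Offline demo: ./detect.sh --demo
if [ "${1:-}" = "--demo" ]; then
    f=$(write_sample_os_release rocky 9.3)
    echo "detected: $(read_os_release "$f")"
    sudoers_for_host "$f" deploy
    rm -f "$f"
fi
```

On a live host you would run sudoers_for_host /etc/os-release "$USER", write the result with visudo -f /etc/sudoers.d/patches so a syntax error cannot lock you out, and confirm with sudo -l as the text advises.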