{ "schemaVersion": "1.0", "item": { "slug": "sys-updater", "name": "sys-updater", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/Spiceman161/sys-updater", "canonicalUrl": "https://clawhub.ai/Spiceman161/sys-updater", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/sys-updater", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=sys-updater", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "CLAUDE.md", "README.md", "SKILL.md", "docs/AUTO_REVIEW.md", "docs/REFACTOR-PLAN-2026-02-19.md", "docs/extending.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:22:31.273Z", "expiresAt": "2026-05-14T17:22:31.273Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/sys-updater" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/sys-updater", "agentPageUrl": "https://openagent3.xyz/skills/sys-updater/agent", "manifestUrl": "https://openagent3.xyz/skills/sys-updater/agent.json", "briefUrl": "https://openagent3.xyz/skills/sys-updater/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "System Updater (sys-updater)", "body": "Comprehensive system maintenance automation for Ubuntu hosts with support for apt, npm, brew, and OpenClaw skills." }, { "title": "What this skill does", "body": "sys-updater is a conservative maintenance pipeline for Linux hosts running OpenClaw.\nIt separates security patching from feature upgrades, keeps auditable state files, and sends a human-readable daily report." }, { "title": "Core capabilities", "body": "APT (Ubuntu)\n\ndaily apt-get update\nautomatic security updates via unattended-upgrade\nnon-security upgrades only from explicit planned list\n\n\nNPM / PNPM / Brew\n\ndetect outdated packages\nkeep them in tracked state\nauto-review package risk (bugs/regressions/CVE signals)\ninstall only approved/planned updates\n\n\nOpenClaw skills (ClawHub)\n\nchecks installed skills and reports update status\n\n\nDaily report (09:00 MSK)\n\ncurrent health/status\ncandidates/planned/blocked per manager\nexplicit “actually installed” lines for apt/npm/pnpm/brew" }, { "title": "Daily (06:00 MSK)", "body": "run_6am:\n├── apt: update, security upgrades, simulate, track non-security\n├── npm/brew: check outdated, add to tracking\n└── skills: auto-update immediately (no quarantine)" }, { "title": "Report (09:00 MSK)", "body": "Summary of all package managers\nPlanned updates for next day\nBlocked packages with reasons" }, { "title": "T+2 Days (Review)", "body": "Web search for bugs/regressions in tracked packages\nMark as planned or blocked based on findings" }, { "title": "T+3 Days (Upgrade)", "body": "Apply planned npm/brew upgrades\nSend completion report" }, { "title": "State Files", "body": "state/apt/last_run.json — Last run results\nstate/apt/tracked.json — APT packages being tracked\nstate/apt/npm_tracked.json — NPM packages\nstate/apt/brew_tracked.json — Brew packages\nstate/logs/apt_maint.log — Daily logs (10-day rotation)" }, { "title": "Manual Commands", "body": "# Daily maintenance (runs automatically)\n./scripts/apt_maint.py run_6am\n\n# Generate report\n./scripts/apt_maint.py report_9am\n\n# Check npm/brew only\n./scripts/pkg_maint.py check\n\n# Review packages (after 2 days)\n./scripts/pkg_maint.py review\n\n# Apply planned upgrades\n./scripts/pkg_maint.py upgrade\n\n# Update skills only\n./scripts/pkg_maint.py skills" }, { "title": "Configuration", "body": "Environment variables:\n\nSYS_UPDATER_BASE_DIR — Base directory (default: ~/clawd/sys-updater)\nSYS_UPDATER_STATE_DIR — State files location\nSYS_UPDATER_LOG_DIR — Log files location" }, { "title": "Cron Jobs", "body": "Requires 4 cron jobs:\n\nrun_6am — Daily 06:00 MSK (apt + check npm/brew + auto skills)\nreport_9am — Daily 09:00 MSK (Telegram report)\nreview_2d — T+2 days 09:00 MSK (web search bugs)\nupgrade_3d — T+3 days 06:00 MSK (apply planned)" }, { "title": "Conservative Design", "body": "Security updates: Applied automatically via unattended-upgrade\nNon-security: 2-day observation period with bug research\nUser control: Can block any package with reason\nSafety: Dry-run simulation before any apt upgrade" }, { "title": "Requirements", "body": "Ubuntu with apt\nNode.js + npm (for npm packages)\nHomebrew (for brew packages)\nOpenClaw with clawhub CLI\nsudo access for specific apt commands (see below)" }, { "title": "Sudoers Configuration", "body": "For unattended operation, grant the running user passwordless sudo for specific apt commands only. Do not add the user to full sudoers.\n\nCreate file /etc/sudoers.d/sys-updater:\n\n# Allow sys-updater to run apt maintenance commands without password\n# Replace 'username' with your actual username\nusername ALL=(root) NOPASSWD: /usr/bin/apt-get update\nusername ALL=(root) NOPASSWD: /usr/bin/apt-get -s upgrade\nusername ALL=(root) NOPASSWD: /usr/bin/unattended-upgrade -d\n\nSet secure permissions:\n\nsudo chmod 440 /etc/sudoers.d/sys-updater\nsudo visudo -c # Verify syntax is valid" }, { "title": "Required Commands Explained", "body": "CommandPurposeapt-get updateRefresh package listsapt-get -s upgradeSimulate upgrade (dry-run, no actual changes)unattended-upgrade -dApply security updates automatically" }, { "title": "Security Notes", "body": "Only these 3 specific commands are allowed\nNo apt-get upgrade without -s (simulation only for tracking)\nNo apt-get dist-upgrade or autoremove\nNo package installation/removal through sudo\nNPM and brew do not require sudo (user installs)" } ], "body": "System Updater (sys-updater)\n\nComprehensive system maintenance automation for Ubuntu hosts with support for apt, npm, brew, and OpenClaw skills.\n\nWhat this skill does\n\nsys-updater is a conservative maintenance pipeline for Linux hosts running OpenClaw. It separates security patching from feature upgrades, keeps auditable state files, and sends a human-readable daily report.\n\nCore capabilities\nAPT (Ubuntu)\ndaily apt-get update\nautomatic security updates via unattended-upgrade\nnon-security upgrades only from explicit planned list\nNPM / PNPM / Brew\ndetect outdated packages\nkeep them in tracked state\nauto-review package risk (bugs/regressions/CVE signals)\ninstall only approved/planned updates\nOpenClaw skills (ClawHub)\nchecks installed skills and reports update status\nDaily report (09:00 MSK)\ncurrent health/status\ncandidates/planned/blocked per manager\nexplicit “actually installed” lines for apt/npm/pnpm/brew\nWorkflow\nDaily (06:00 MSK)\nrun_6am:\n├── apt: update, security upgrades, simulate, track non-security\n├── npm/brew: check outdated, add to tracking\n└── skills: auto-update immediately (no quarantine)\n\nReport (09:00 MSK)\nSummary of all package managers\nPlanned updates for next day\nBlocked packages with reasons\nT+2 Days (Review)\nWeb search for bugs/regressions in tracked packages\nMark as planned or blocked based on findings\nT+3 Days (Upgrade)\nApply planned npm/brew upgrades\nSend completion report\nState Files\nstate/apt/last_run.json — Last run results\nstate/apt/tracked.json — APT packages being tracked\nstate/apt/npm_tracked.json — NPM packages\nstate/apt/brew_tracked.json — Brew packages\nstate/logs/apt_maint.log — Daily logs (10-day rotation)\nManual Commands\n# Daily maintenance (runs automatically)\n./scripts/apt_maint.py run_6am\n\n# Generate report\n./scripts/apt_maint.py report_9am\n\n# Check npm/brew only\n./scripts/pkg_maint.py check\n\n# Review packages (after 2 days)\n./scripts/pkg_maint.py review\n\n# Apply planned upgrades\n./scripts/pkg_maint.py upgrade\n\n# Update skills only\n./scripts/pkg_maint.py skills\n\nConfiguration\n\nEnvironment variables:\n\nSYS_UPDATER_BASE_DIR — Base directory (default: ~/clawd/sys-updater)\nSYS_UPDATER_STATE_DIR — State files location\nSYS_UPDATER_LOG_DIR — Log files location\nCron Jobs\n\nRequires 4 cron jobs:\n\nrun_6am — Daily 06:00 MSK (apt + check npm/brew + auto skills)\nreport_9am — Daily 09:00 MSK (Telegram report)\nreview_2d — T+2 days 09:00 MSK (web search bugs)\nupgrade_3d — T+3 days 06:00 MSK (apply planned)\nConservative Design\nSecurity updates: Applied automatically via unattended-upgrade\nNon-security: 2-day observation period with bug research\nUser control: Can block any package with reason\nSafety: Dry-run simulation before any apt upgrade\nRequirements\nUbuntu with apt\nNode.js + npm (for npm packages)\nHomebrew (for brew packages)\nOpenClaw with clawhub CLI\nsudo access for specific apt commands (see below)\nSudoers Configuration\n\nFor unattended operation, grant the running user passwordless sudo for specific apt commands only. Do not add the user to full sudoers.\n\nCreate file /etc/sudoers.d/sys-updater:\n\n# Allow sys-updater to run apt maintenance commands without password\n# Replace 'username' with your actual username\nusername ALL=(root) NOPASSWD: /usr/bin/apt-get update\nusername ALL=(root) NOPASSWD: /usr/bin/apt-get -s upgrade\nusername ALL=(root) NOPASSWD: /usr/bin/unattended-upgrade -d\n\n\nSet secure permissions:\n\nsudo chmod 440 /etc/sudoers.d/sys-updater\nsudo visudo -c # Verify syntax is valid\n\nRequired Commands Explained\nCommand\tPurpose\napt-get update\tRefresh package lists\napt-get -s upgrade\tSimulate upgrade (dry-run, no actual changes)\nunattended-upgrade -d\tApply security updates automatically\nSecurity Notes\nOnly these 3 specific commands are allowed\nNo apt-get upgrade without -s (simulation only for tracking)\nNo apt-get dist-upgrade or autoremove\nNo package installation/removal through sudo\nNPM and brew do not require sudo (user installs)" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/Spiceman161/sys-updater", "publisherUrl": "https://clawhub.ai/Spiceman161/sys-updater", "owner": "Spiceman161", "version": "1.1.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/sys-updater", "downloadUrl": "https://openagent3.xyz/downloads/sys-updater", "agentUrl": "https://openagent3.xyz/skills/sys-updater/agent", "manifestUrl": "https://openagent3.xyz/skills/sys-updater/agent.json", "briefUrl": "https://openagent3.xyz/skills/sys-updater/agent.md" } }