sys-updater_skill

This skill automates Ubuntu system maintenance for apt, npm, brew, and OpenClaw with conservative updates and automatic security handling.
  • Python

1.6k

GitHub Stars

4

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill sys-updater

  • _meta.json457 B
  • CLAUDE.md1.6 KB
  • README.md2.8 KB
  • SKILL.md4.3 KB

Overview

This skill automates conservative system package maintenance across Ubuntu (apt), npm, Homebrew, and OpenClaw skills. It applies security updates automatically, quarantines non-security changes for two days for web-based bug assessment, and produces daily reports and scheduled reviews. The design prioritizes safety with simulated apt upgrades and fine-grained sudo permissions.

How this skill works

Daily checks run at 06:00 MSK to refresh apt metadata, run unattended security upgrades, simulate non-security apt upgrades, and collect outdated npm/brew packages. Non-security updates are tracked and held in a 2-day quarantine for automated web-search bug checks; planned updates are applied on day three. OpenClaw skills auto-update immediately. State is kept in JSON files and logs with scheduled Telegram summaries at 09:00 MSK.

When to use it

  • Maintain Ubuntu hosts that require conservative, low-risk updates.
  • Track globally installed npm packages and Homebrew formulae before upgrading.
  • Automatically apply security fixes while delaying non-security changes for review.
  • Run maintenance in environments where dry-run apt behavior is required.
  • Manage OpenClaw skills with immediate safe updates alongside other package managers.

Best practices

  • Grant passwordless sudo only for the three specific apt commands listed; do not broaden sudo rights.
  • Keep state and log directories on a reliable filesystem and back them up regularly.
  • Review the quarantined package list daily and record reasons when blocking packages.
  • Validate cron schedules in the host timezone and ensure Telegram reporting credentials are available.
  • Use the simulated apt upgrade output for root-cause analysis before allowing real changes.

Example use cases

  • A production Ubuntu server that must receive security fixes immediately but avoids risky non-security upgrades.
  • A developer workstation where global npm packages are tracked and only updated after automated web-search checks.
  • A Mac laptop using Homebrew where formula upgrades are staged and applied after a quarantine period.
  • An OpenClaw deployment where skills are updated automatically while the rest of the system follows the conservative workflow.
  • Automated daily reports to an operations channel summarizing planned upgrades and blocked packages.

FAQ

Only apt-get update, apt-get -s upgrade (simulation), and unattended-upgrade -d are granted passwordless sudo for safe unattended operation.

How are non-security updates evaluated?

Tracked non-security packages are automatically researched via web search after two days; findings determine whether they are planned or blocked for upgrade on day three.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational