sys-updater

Review·Scanned 2/18/2026

This skill automates Ubuntu system maintenance for apt, npm, brew, and OpenClaw skills with daily runs, tracking, and Telegram reports. It executes system commands (e.g., sudo apt-get update, unattended-upgrade -d, npm, brew, clawhub) and requires creating /etc/sudoers.d/sys-updater for passwordless sudo.

from clawhub.ai·v87cb4f0·66.2 KB·0 installs
Scanned from 1.0.1 at 87cb4f0 · Transparency log ↗
$ vett add clawhub.ai/spiceman161/sys-updaterReview findings below

sys-updater

System maintenance automation for Ubuntu hosts. Runs safe daily maintenance (security updates + upgrade simulations), tracks pending non-security updates for manual review, and generates Telegram reports in Russian.

Philosophy

Conservative and safe. Security updates are applied automatically via unattended-upgrade, but non-security upgrades are never applied automatically—only tracked and reported.

Quick Start

# Run 6am maintenance (apt update, security updates, simulation, track packages)
python3 scripts/apt_maint.py run_6am

# Generate 9am report (reads state from last run)
python3 scripts/apt_maint.py report_9am

# Dry-run mode (test without executing sudo commands)
python3 scripts/apt_maint.py run_6am --dry-run

# Verbose mode (also log to console)
python3 scripts/apt_maint.py run_6am --verbose

Requirements

  • Python 3.10+ (stdlib only, no dependencies)
  • Ubuntu with unattended-upgrades installed
  • Sudo NOPASSWD for apt-get and unattended-upgrade (see docs/sudoers.md)

Directory Structure

sys-updater/
├── scripts/
│   └── apt_maint.py      # Main script (~300 lines)
├── state/
│   ├── apt/
│   │   ├── last_run.json # Results from latest run
│   │   └── tracked.json  # Package tracking metadata
│   └── logs/
│       ├── apt_maint.log          # Current log file
│       ├── apt_maint.log.YYYY-MM-DD # Rotated daily (UTC midnight), kept 10 days
│       └── cron.log              # Optional: stdout/stderr redirection
├── docs/                  # Documentation
├── CLAUDE.md             # Instructions for Claude Code
└── README.md

Schedule

Default intended schedule (Europe/Moscow):

  • 06:00 MSKrun_6am (apt update + unattended-upgrade + simulation + tracking)
  • 09:00 MSKreport_9am (renders Telegram report from saved state)

In this setup, scheduling is typically done via OpenClaw cron jobs (see openclaw cron list).

Documentation

  • How it Works - Architecture and workflow
  • Scheduling - Cron setup
  • Sudoers Setup - Required permissions
  • State Files - JSON schema reference
  • Logging - Log format and location
  • Operations - Disable, rollback, troubleshooting
  • Extending - Adding providers (brew/npm/etc)

Environment Variables

VariableDefaultDescription
SYS_UPDATER_BASE_DIR/home/moltuser/clawd/sys-updaterBase directory
SYS_UPDATER_STATE_DIR$BASE_DIR/state/aptState files location
SYS_UPDATER_LOG_DIR$BASE_DIR/state/logsLog files location

License

Internal tool, not for distribution.