Back to skill
Skillv1.0.0
VirusTotal security
OpenClaw Safe Upgrade · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:25 AM
- Hash
- cadfeda5754a57e4e8fac8e0cf27b609fb06420089146e0832e675cdb7a094ea
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-safe-upgrade Version: 1.0.0 The skill implements an upgrade utility that uses 'systemd-run' to escape the gateway's cgroup and service lifecycle, ensuring the script survives the service restart it triggers. While functionally justified for a self-upgrade, this technique is a high-risk process isolation bypass. Additionally, the script performs global package installations ('npm i -g'), executes arbitrary scripts found in the workspace ('service-quick-check.py'), and automatically performs 'git push' operations on the workspace. These behaviors, while aligned with the stated purpose in 'SKILL.md' and 'scripts/safe-upgrade.sh', represent a significant and broad attack surface.
- External report
- View on VirusTotal