Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Updater

v1.6.0

Safely update OpenClaw with pre-flight checks and rollback support. Use when updating OpenClaw, checking for updates, or recovering from a failed update. Han...

0· 606·3 current·4 all-time
by San Chen (@bigsan)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The scripts perform the expected update/rollback tasks (git commits of workspaces, config backup, npm-based rollback, gateway restart, Telegram notifications). However, the registry metadata claims no required binaries or environment variables, while the scripts clearly rely on multiple system tools (openclaw CLI, npm, git, node, curl) and optional TELEGRAM_* credentials. This is a mismatch between what the skill declares and what it actually needs in order to run.
Instruction Scope
SKILL.md and the included scripts operate on user data: they read ~/.openclaw/openclaw.json, discover and git-commit workspace directories (initializing repos if missing), copy config to /tmp, run an optional backup script specified by the user, perform npm installs, and restart the gateway. All of this is within the updater's stated scope, but some actions modify user files (git commits, npm -g installs) and execute a user-specified BACKUP_SCRIPT — review those carefully before running.
Install Mechanism
No external install/download steps are declared; the skill is instruction-only and ships its scripts in the bundle. There are no remote archives or URL downloads in the install process.
Credentials
The registry metadata lists no required environment variables, but the scripts require TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID (via an env file) for notifications. The scripts also depend on CLI tools (openclaw, npm, git, node, curl) that are not declared. The scripts write backups to /tmp (world-writable by default), which is convenient but less secure: on multi-user systems another local user could tamper with the backup.
Persistence & Privilege
The skill is not force-included (always:false) and doesn't request persistent platform privileges. Still, running these scripts will perform privileged or persistent actions on the host: global npm installs (npm install -g) change system-wide packages and restarting the gateway changes running services. Those are expected for an updater but are significant side effects — confirm you want them before running.
What to consider before installing
This updater generally does what it says, but the package metadata understates what it needs. Before installing/running: (1) manually review the included scripts; (2) ensure the host has openclaw, git, node, npm and curl installed; (3) create and protect the ~/.openclaw/.telegram-notify.env file (chmod 600) if you want notifications; (4) be aware pre-update will auto-initialize/git-commit workspaces and backup config to /tmp (consider securing the backup location); (5) expect the updater to run npm install -g and restart the gateway — run in a controlled environment or test with --dry-run/--test-notify first. If you want stronger guarantees, ask the author to update the registry metadata to declare required binaries and env vars and to avoid using /tmp for sensitive backups.

Like a lobster shell, security has layers — review code before you run it.

Tags (vk97dxzfef5st1ds729q4tbgsd981p12a): latest, maintenance, safety, update
