Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

openclaw-update

v1.0.1

OpenClaw version-upgrade assessment and execution skill. Workflow: (1) detect whether agent-reach is available (guide the user through installation if not), (2) check GitHub releases for the latest stable version, (3) compare it with the currently installed version to decide whether an update is needed, (4) analyze the version gap and the changelog, (5) check GitHub issues to assess risk, (6) produce an overall assessment...

0 · 292 · 2 current · 3 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the provided scripts and SKILL.md. The skill checks current version, reads GitHub releases/issues (via agent-reach), creates local backups of ~/.openclaw, and can execute updates/restarts — all expected for an updater. It does not request unrelated credentials or environment variables.
Instruction Scope
Instructions explicitly tell the agent to run system commands (openclaw, rsync, agent-reach, osascript/notify-send/powershell) and to read/write ~/.openclaw (including a credentials/ directory). That is within the tool's purpose, but backing up credentials into an unencrypted folder and writing reports under ~/.openclaw are sensitive behaviors the user should be aware of. The SKILL.md enforces a 'stop on critical issues' rule (autonomous enforcement), which is reasonable but means the skill may decline or block updates automatically.
Install Mechanism
Instruction-only skill (no install spec) with included Python scripts — low install risk. The README/SKILL.md recommends installing agent-reach via pipx from a GitHub zip and suggests running official installer via 'curl | bash' for OpenClaw; both are common but carry typical supply-chain/trust risks and should be verified by the user before running.
Credentials
The skill declares no required env vars or external credentials. It does access local files (openclaw.json, credentials/, workspace/) which is proportional to the backup/update purpose, but these are sensitive items — the skill stores backups locally (no encryption) and leaves reports in the user's home directory.
Persistence & Privilege
always:false and no automatic system-wide changes are requested. A cron_check.py exists (and README claims daily checks) but there is no automatic install of a cron job in the package; scheduling must be enabled by the user. The skill can run commands that restart the gateway — expected for an updater and not suspicious on its own.
Assessment
This skill appears to do what it says (check GitHub, assess releases/issues, backup ~/.openclaw, and perform updates/restarts). Before installing or running it, consider the following:
(1) Backups include a credentials/ directory and are written to your home directory unencrypted — if those files contain secrets you should ensure they are stored/encrypted or deleted after use.
(2) The skill will call system commands (openclaw update, rsync, agent-reach, notify utilities, PowerShell on Windows) and may need elevated permissions; run in a test environment first.
(3) The README suggests installing agent-reach from a GitHub ZIP and suggests a 'curl | bash' installer for OpenClaw — verify the sources and prefer signed or audited installers.
(4) There are minor implementation bugs (e.g., some functions reference random/string without imports in certain paths) which may cause runtime errors; review/run the Python scripts manually before granting them automated execution.
(5) If you plan to enable scheduled checks or autonomous invocation, remember the skill can decide to block updates when it finds 'critical' issues; that behavior is intentional but you should confirm you want that policy.
If you want a safer rollout: review the scripts, run them locally in dry-run mode, back up secrets elsewhere (or encrypt backups), and only permit the skill to perform updates after you verify outputs.


latest: vk973mxwyc0dhhnc5esjv6fpqfx82qgf9
