openclaw-update
Security checks across malware telemetry and agentic risk
Overview
This updater is mostly aligned with its purpose, but it can change and restart OpenClaw and copy credential/workspace data with approval boundaries that are not fully clear.
Install only if you want an agent to help manage OpenClaw updates. Ask it to stop after the assessment until you explicitly approve backup, update, restore, or restart commands; verify the exact commands shown; protect any .openclaw backup folders because they may contain credentials and workspace data; and prefer pinned/verified installs for helper tools.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user who only wants an update assessment could have their OpenClaw installation changed or gateway restarted if the agent follows the full workflow too aggressively.
The skill is invoked for checking or assessing updates, but the described workflow also proceeds to execute update commands and automatically restart the gateway; the visible text does not clearly require explicit user approval immediately before those high-impact actions.
Use when the user asks to check for OpenClaw updates, assess whether to upgrade, or perform a version update... (8) detect the install method and run the corresponding update command, (9) automatically restart the gateway
Require an explicit confirmation step after the assessment and before any backup, package update, installer command, restore, or gateway restart.
Backups may contain tokens, credentials, configuration, and private workspace data, increasing exposure if the backup directory is shared, synced, or left unprotected.
The backup tool intentionally copies OpenClaw credentials and workspace data into a backup directory. This is purpose-aligned for recovery, but it handles sensitive account and workspace material.
items_to_backup = [
    'openclaw.json',
    'credentials/',
    'workspace/',
]
Store backups securely, avoid sharing them, remove old backups when no longer needed, and document this sensitive-data handling in metadata or user prompts.
The code installed by this command can change over time, so a future install may not match what was reviewed.
The recommended setup installs agent-reach from a moving GitHub main-branch archive rather than a pinned release or checksum-verified artifact.
pipx install https://github.com/Panniantong/agent-reach/archive/main.zip
agent-reach install --env=auto
Prefer a pinned release, commit hash, package registry version, or checksum verification before installing helper tooling.
If enabled, the skill may run update checks on a schedule and create notifications/reports outside the immediate interactive request.
The artifacts include a script intended for scheduled daily background update checks and notifications. The provided code does not install the cron job, but it documents persistence-oriented behavior.
OpenClaw Update - Cron Task Script: scheduled update-check script, runs daily at 4:00 AM
Make scheduled checks explicitly opt-in, document how to disable them, and keep the scheduled task limited to checking and notifying unless the user separately approves updates.
