Upgrade Openclaw

Security checks across malware telemetry and agentic risk

Overview

This OpenClaw upgrade helper is mostly aligned with its purpose, but it can update and stash the local OpenClaw installation before a clear approval gate and may send configuration data to an external model.

Review before installing if your OpenClaw configuration includes private channel, plugin, or operational details. Before running it, explicitly confirm whether `openclaw update` and any git stash should happen, use a local model or redact config before external analysis, and consider clearing the bundled `settings.json` and `state.json` so the run starts from your own choices and environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Low
Confidence: 92%
Finding
The skill instructs saving model configuration to a local `settings.json` file on first run without explicitly warning the user that it will persist data locally. While the stored value is not highly sensitive by itself, silent persistence can surprise users and may retain provider-selection metadata in environments where local state changes should be disclosed.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill performs `openclaw update` before the later approval gate, which means it can modify the local OpenClaw installation and possibly the working tree immediately upon invocation. This is dangerous because the user is told that findings will be presented for approval before applying, yet the update step already changes software state, creating a mismatch between user expectations and actual side effects.

Missing User Warnings

Low
Confidence: 90%
Finding
The skill directs writing upgrade history to `state.json` and retaining details about versions, timestamps, and applied features without clearly disclosing that local state will be persisted across runs. Persistent history can expose operational metadata and create privacy or audit concerns in controlled environments if users are not informed.

VirusTotal

66/66 vendors flagged this skill as clean.
