Upgrade Openclaw
Warn
Audited by ClawScan on May 10, 2026.
Overview
Review before installing: this skill can modify your OpenClaw installation even for a “what’s new” request and may share configuration data with external sub-agent providers.
Install only if you are comfortable with it modifying your OpenClaw setup. Before using it, clear the packaged state.json, confirm the subagent provider setting, ask it not to send secrets or full config to external providers, and require explicit approval before any update, stash, config patch, hook enablement, or skill install.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user asking only what changed could still have their local OpenClaw installation modified.
The skill can be invoked for an informational request, but its procedure performs a real OpenClaw update before presenting the report or asking for post-report approval.
Use when: user says ... "what's new in openclaw" ... Runs the update ... ### 2. Run Update
```bash
openclaw update
```
Require explicit confirmation before running `openclaw update` or `git stash`, and provide a check-only path for “what’s new” requests.
OpenClaw configuration details, potentially including sensitive account or integration settings, could be sent to an external model provider.
The skill reads current gateway configuration and explicitly states that external sub-agent providers may receive config data, but it does not define redaction, secret handling, or data minimization. The included settings.json already sets a subagent model, so the conditional first-run warning may not be shown.
"Which model for upgrade sub-agents? ... Note: external providers will receive config data." ... Fetch the live schema and current config: ... Current: `gateway config.get`
Show an explicit per-run consent prompt before sending config to sub-agents, redact secrets, and limit the shared data to the fields needed for the upgrade analysis.
The skill could incorrectly believe some features or doctor fixes were already applied, causing it to skip or misreport recommendations.
The distributed package already contains runtime upgrade state. SKILL.md says this state prevents re-proposing changes, so preloaded state from the package could be trusted as if it came from the current user’s environment.
"lastUpgrade": { "from": "2026.3.2", "to": "2026.3.3", ... "featuresApplied": ["telegram-streaming-partial", "audio-echo-transcript"] }
Do not ship user/runtime state in the package; initialize state.json empty or regenerate it only after a confirmed local run.
It is harder to verify which version of the instruction package is being installed or reviewed.
The provided registry metadata lists version 2.0.0, while the packaged _meta.json lists 1.0.2; the source is also unknown and no homepage is provided.
"slug": "upgrade-openclaw", "version": "1.0.2"
Confirm the package provenance and version before installing, and prefer a skill release with consistent registry and packaged metadata.
