OpenClaw Upgrader

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent OpenClaw upgrader, but it grants broad local upgrade authority and includes under-scoped delegation hooks that users should review carefully.

Install only if you intend to let this skill upgrade and repair OpenClaw on the current machine using your local Codex or Claude session. Review the selected agent, target version, generated files under ~/.openclaw, and any OPENCLAW_UPGRADER_DELEGATE_CMD setting before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill explicitly requires writing backups and result files such as `~/.openclaw/.upgrade-result.json`, and references helper scripts that may also write lock metadata and logs, yet no permissions are declared. That mismatch increases the chance of unauthorized or surprising filesystem modification at runtime and weakens the host's ability to enforce least privilege or warn users appropriately.

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The script is presented as a context collector, but it actively executes external AI agent CLIs (`codex exec` and `claude -p`) during preflight. That crosses from passive inspection into network-capable delegated execution and can trigger unintended side effects, credential use, or data disclosure without explicit user consent.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script performs live external probes of AI tools and system services without any explicit confirmation or warning to the user. In an upgrade workflow, that increases the chance of unexpected remote calls, use of authenticated sessions, and exposure of local context before the user understands delegation is happening.

Missing User Warnings

Medium
Confidence: 79%
Finding
The script executes whatever program path is supplied in the OPENCLAW_UPGRADER_DELEGATE_CMD environment variable without validation, allowlisting, or trust checks. In an upgrade skill that may run with elevated privileges or operational authority, a malicious or poisoned environment can redirect execution to arbitrary code, leading to command execution and system compromise.

VirusTotal

65/65 vendors flagged this skill as clean.
