Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Update Plus
v4.0.3
Full backup, update, and restore for OpenClaw - config, workspace, and skills with auto-rollback
⭐ 2 · 2.5k · 4 current · 4 all-time
by @hopyky
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name/description (backup, update, restore OpenClaw) matches the requested binaries (git, jq, rsync) and the code. Optional behaviors (rclone, gpg, npm/pnpm detection, openclaw CLI integration) are expected for cloud sync, encryption, and updating OpenClaw. There are some leftover legacy/default path fallbacks (clawdbot/clawd) but they do not contradict the stated purpose.
Instruction Scope
SKILL.md and the scripts explicitly operate on user config and workspace directories (~/.openclaw, workspace, skills), create compressed archives, optionally encrypt and upload them, run git fetch/pull to update skills, and can install a cron job. All of this is within the advertised scope, but these actions will read and archive potentially sensitive files (configs/credentials) and will pull and apply code changes from remote git repositories — the user should confirm backup_paths and remote upload settings before running.
Install Mechanism
There is no exotic install mechanism: the SKILL.md instructs cloning from a GitHub repository (https://github.com/hopyky/update-plus.git) and creating a symlink under ~/bin. No downloads from shorteners/personal IPs or automated extract-from-untrusted-URLs are present in the packaged files. The skill itself is distributed as shell scripts which will run when invoked.
Credentials
The skill declares no required environment variables and the scripts get configuration from ~/.openclaw/update-plus.json. Optional settings (GPG recipient, rclone remote, notification target) are sensible for encryption, remote upload, and notifications. It does not request unrelated credentials in the registry metadata; however, the tool will back up any paths you configure — including files containing secrets — so remote-upload credentials (rclone) and GPG recipients must be configured securely if you enable those features.
Persistence & Privilege
always:false (no forced global inclusion). The skill can install a cron job and create a ~/bin symlink (both are user-level persistent changes) and can perform repeated autonomous updates when scheduled. Installing cron jobs and symlinks is consistent with an updater tool, but these are persistent actions the user must approve.
Assessment
This package appears to do what it says, but it will read and archive user config and workspace files and can upload backups to configured cloud remotes and install a cron job. Before installing or running:
1) Inspect and edit ~/.openclaw/update-plus.json to restrict backup_paths to only the directories you want backed up;
2) keep remote storage disabled until you have configured and verified your rclone remote and understand where backups will be sent;
3) enable GPG encryption if backups include sensitive files and configure GPG_RECIPIENT;
4) run update-plus with --dry-run first to preview actions;
5) be aware it performs git pull on your skills directories (so remote repo changes can be applied automatically) and can create a cron entry — only enable automated updates if you trust your skills' remote origins.
If you need higher assurance, review the GitHub repo history/owner (hopyky) before cloning and consider running the scripts in a controlled environment first.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97bbksz2e9c05n3yn4q8vhepn80884b
Runtime requirements
🔄 Clawdis
Bins: git, jq, rsync
