Update Plus
Verdict: Warn. Audited by ClawScan on May 10, 2026.
Overview
Update Plus mostly matches its backup/update purpose, but it needs review because some shell code can execute configuration text and restore/update actions can overwrite important OpenClaw files.
Review the shell code before installing, especially the backup eval issue. Avoid untrusted configuration files, use dry-run before updates, keep backups encrypted if syncing to cloud storage, verify restore targets before confirming, and only enable cron if you accept unattended changes to OpenClaw and installed skills.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A backup operation could execute unintended shell commands if the update-plus configuration is modified maliciously or copied from an untrusted source.
Exclude patterns and paths are read from the JSON configuration, concatenated into shell text, and then executed with eval. A poisoned or malformed config value containing shell metacharacters could run commands during backup.
rsync_args+=" --exclude=$exclude" ... eval rsync $rsync_args "$dir_path/" "$tmp_backup_dir/$dir_label/"
Do not use untrusted update-plus.json content. The maintainer should replace eval/string-built arguments with a Bash array such as rsync_args+=(--exclude="$exclude").
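To make the eval issue concrete, here is an added example (not update-plus code) that contrasts the string-and-eval argument building from the finding with the Bash array the recommendation asks for. It assumes a stand-in function in place of rsync and a constructed exclude value with a harmless command substitution, so it runs offline.

```bash
#!/usr/bin/env bash
# Added example, not code from the update-plus skill.

# Stand-in for rsync: prints each argument on its own line so the reader
# can see where argument boundaries ended up.
fake_rsync() { printf '%s\n' "$@"; }

# Unsafe pattern (as flagged in the finding): excludes are concatenated
# into one string and then re-parsed by eval, so shell metacharacters in
# a config value are interpreted instead of passed literally.
build_unsafe() {
    local rsync_args="-a"
    local exclude
    for exclude in "$@"; do
        rsync_args+=" --exclude=$exclude"
    done
    eval fake_rsync $rsync_args
}

# Hardened pattern (the fix suggested above): each exclude is one array
# element and reaches the command as a single literal argument.
build_safe() {
    local -a rsync_args=(-a)
    local exclude
    for exclude in "$@"; do
        rsync_args+=(--exclude="$exclude")
    done
    fake_rsync "${rsync_args[@]}"
}

# Constructed config values standing in for update-plus.json "exclude"
# entries: one benign, one carrying a space and an inert $(echo ...) such
# as a poisoned config could contain.
CONSTRUCTED_EXCLUDES=('node_modules' 'cache/*.tmp $(echo injected)')

# Number of arguments the stand-in receives from each builder.
count_args() { "$1" "${CONSTRUCTED_EXCLUDES[@]}" | wc -l | tr -d ' '; }

# Third argument as seen by the safe builder (should be the literal value).
safe_third_arg() { build_safe "${CONSTRUCTED_EXCLUDES[@]}" | sed -n 3p; }

printf '== string + eval (unsafe) ==\n'; build_unsafe "${CONSTRUCTED_EXCLUDES[@]}"
printf '== bash array (safe) ==\n';      build_safe "${CONSTRUCTED_EXCLUDES[@]}"
```

The eval path splits the second value into extra arguments and runs the embedded substitution; the array path delivers it unchanged as one --exclude.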
A restore could overwrite or delete files in an unexpected directory, especially if the current config is missing or --force is used.
Although the skill is described as OpenClaw-only, fallback restore targets include legacy .clawdbot paths, and rsync --delete can remove files in the selected target. The restore plan is shown unless --force is used, but the defaults are still risky.
restore_map["config"]="${HOME}/.clawdbot" ... if rsync -a --delete "$tmp_dir/$label/" "$target/"
Verify the restore plan carefully before confirming, avoid --force unless you are certain, and update the fallback mappings to OpenClaw paths.
OpenClaw and skills may be updated automatically later without an interactive review at that time.
The skill can install a persistent cron entry that runs update-plus update on a schedule. This is documented and removable, but it creates unattended ongoing behavior.
local cron_cmd="${cron_schedule} PATH=${cron_path} ${script_path} update >> ${log_path} 2>&1" ... } | crontab -
Install the cron job only if you want unattended updates, keep backups enabled, and use update-plus uninstall-cron or crontab -e to remove it.
If cloud sync is enabled, backups containing configuration, credentials, or logs may leave the local machine.
The example configuration acknowledges that backups can include credentials and logs, and it also supports remote storage. Remote upload is disabled by default, but enabling it can move sensitive OpenClaw data to a cloud provider.
"description": "System config, credentials, logs" ... "remote_storage": { "enabled": false, "rclone_remote": "gdrive:", "path": "openclaw-backups" }
Keep remote_storage disabled unless needed, enable GPG encryption before cloud upload, and review backup_paths/exclude rules to avoid backing up secrets unnecessarily.
You may run mutable or unreviewed code from the external repository, a particular concern for a tool that updates and restores the agent environment.
Installation is documented as an unpinned GitHub clone and symlink. The reviewed manifest does not include the referenced bin/update-plus entrypoint, so the code a user runs may differ from the reviewed package.
git clone https://github.com/hopyky/update-plus.git ~/.openclaw/skills/update-plus ... ln -sf ~/.openclaw/skills/update-plus/bin/update-plus ~/bin/update-plus
Install from a reviewed release or pin a specific commit/tag, and verify the bin/update-plus entrypoint before running it.
