Post Update Awareness
Pass
Audited by ClawScan on May 5, 2026.
Overview
This update-notification skill appears benign and purpose-aligned, but it does run read-only local OpenClaw/helper commands, fetch a pinned GitHub changelog, dynamically load named optional modules for probing, and store a small version state file.
Install only if you are comfortable with the skill running read-only OpenClaw checks after updates, fetching the exact-version changelog from GitHub, probing known optional native modules, and writing a small local state file. Because the provided SKILL.md text was truncated in the scan context, review the installed skill text if you need complete assurance, and note that python3 may be needed for the plugin drift helper.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
After an update, the agent may run local OpenClaw commands and fetch release notes from GitHub to prepare its summary.
The skill instructs the agent to run local commands and make a remote HTTP request. These actions are central to its update-awareness purpose and are scoped to version/changelog checks, but they are still tool use that users should notice.
{ "tool": "exec", "command": "openclaw -V" }
...
curl -fsSL "https://raw.githubusercontent.com/openclaw/openclaw/v<currentVersion>/CHANGELOG.md"
Keep these commands read-only and pinned to the installed version; ask before any future workflow adds update, install, rollback, or configuration mutation steps.
The skill may load installed optional modules such as sharp, ffmpeg-static, or node-pty to check whether they work.
The optional-dependency probe dynamically requires a named Node module to test whether native dependencies load. This is purpose-aligned, but requiring a module runs its top-level code, so the argument should remain limited to the known optional dependency list.
// Module name comes straight from the command line
const mod = process.argv[2];
try {
  require(mod); // requiring a module executes its top-level code
  console.log("OK");
} catch (err) {
  // catch clause completed here; the scanned excerpt ended after console.log
  console.log("FAIL: " + err.message);
}
Restrict probes to an explicit allowlist of expected optional dependencies and do not pass arbitrary module names from changelog text or user input.
Plugin drift checking may silently fail or be unavailable on systems without python3.
This helper depends on python3 for JSON parsing, but the registry requirements list only openclaw, curl, and node. That is an under-declared runtime dependency rather than evidence of malicious behavior.
GATEWAY_VERSION="$GATEWAY_VERSION" PLUGIN_JSON="$PLUGIN_JSON" python3 - <<'PY'
Declare python3 as a required binary or rewrite the helper using already-declared dependencies.
A user may not realize from the privacy section alone that plugin/channel/config status may be inspected and summarized to the active channel.
The privacy section is narrower than the feature list and helper code, which also mention plugin drift checks, channel health, config rewrite surfacing, and an active-channel message. These behaviors are disclosed elsewhere and purpose-aligned, but the privacy wording could understate local reads and intended user-facing output.
Privacy
The skill reads:
- `openclaw -V` ...
- The pinned CHANGELOG ...
Nothing is sent anywhere else.
Update the privacy section to list all local reads and clarify that the intended surfaced summary may include plugin drift or channel/config status.
The skill will remember the last OpenClaw version it surfaced and stay quiet until the version changes again.
The skill keeps persistent local state to avoid repeating notifications. This is disclosed and bounded to a version/timestamp file, so it is a benign persistence note.
Run once per detected version change, then persist the new version ... state file at `${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/state/post-update-awareness.json`
Keep the state file limited to version/timestamp data and document how users can reset or delete it.
