Post Update Awareness

Pass. Audited by VirusTotal on May 5, 2026.

Overview

Type: OpenClaw Skill
Name: post-update-awareness
Version: 0.2.0

The skill provides update notifications by comparing the current version against a local state file and fetching the official changelog from GitHub. It includes helper scripts to check for plugin version mismatches and verify native dependency availability (e.g., sharp, ffmpeg). The implementation follows security best practices, such as using heredocs in scripts/probe-optional-dep.sh to prevent shell injection and explicitly instructing the agent in SKILL.md not to perform automated modifications or installations without user consent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

After an update, the agent may run local OpenClaw commands and fetch release notes from GitHub to prepare its summary.

Why it was flagged

The skill instructs the agent to run local commands and make a remote HTTP request. These actions are central to its update-awareness purpose and are scoped to version/changelog checks, but they are still tool use that users should notice.

Skill content
{ "tool": "exec", "command": "openclaw -V" } ... curl -fsSL "https://raw.githubusercontent.com/openclaw/openclaw/v<currentVersion>/CHANGELOG.md"
Recommendation

Keep these commands read-only and pinned to the installed version; ask before any future workflow adds update, install, rollback, or configuration mutation steps.

What this means

The skill may load installed optional modules such as sharp, ffmpeg-static, or node-pty to check whether they work.

Why it was flagged

The optional-dependency probe dynamically requires a named Node module to test whether native dependencies load. This is purpose-aligned, but requiring a module runs its top-level code, so the argument should remain limited to the known optional dependency list.

Skill content
// Module name comes straight from the command line; the report's recommendation is to allowlist it.
const mod = process.argv[2];
try {
  require(mod);
  console.log("OK");
} catch (err) {
  // Closing branch added so the excerpt runs; the skill's own error handling is not shown in the scan.
  console.log("MISSING");
  process.exit(1);
}
Recommendation

Restrict probes to an explicit allowlist of expected optional dependencies and do not pass arbitrary module names from changelog text or user input.

What this means

Plugin drift checking may silently fail or be unavailable on systems without python3.

Why it was flagged

This helper depends on python3 for JSON parsing, but the registry requirements list only openclaw, curl, and node. That is an under-declared runtime dependency rather than evidence of malicious behavior.

Skill content
GATEWAY_VERSION="$GATEWAY_VERSION" PLUGIN_JSON="$PLUGIN_JSON" python3 - <<'PY'
Recommendation

Declare python3 as a required binary or rewrite the helper using already-declared dependencies.

What this means

A user may not realize from the privacy section alone that plugin/channel/config status may be inspected and summarized to the active channel.

Why it was flagged

The privacy section is narrower than the feature list and helper code, which also mention plugin drift checks, channel health, config rewrite surfacing, and an active-channel message. These behaviors are disclosed elsewhere and purpose-aligned, but the privacy wording could understate local reads and intended user-facing output.

Skill content
Privacy

The skill reads:
- `openclaw -V` ...
- The pinned CHANGELOG ...

Nothing is sent anywhere else.
Recommendation

Update the privacy section to list all local reads and clarify that the intended surfaced summary may include plugin drift or channel/config status.

What this means

The skill will remember the last OpenClaw version it surfaced and stay quiet until the version changes again.

Why it was flagged

The skill keeps persistent local state to avoid repeating notifications. This is disclosed and bounded to a version/timestamp file, so it is a benign persistence note.

Skill content
Run once per detected version change, then persist the new version ... state file at `${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/state/post-update-awareness.json`
Recommendation

Keep the state file limited to version/timestamp data and document how users can reset or delete it.