ClawHub

OpenClaw Upgrade

Upgrade OpenClaw to the latest version in environments unable to access GitHub by using yarn to bypass git dependency issues.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 24 · 0 current installs · 0 all-time installs
by@hyqdq888
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (upgrade OpenClaw when GitHub is inaccessible) match the instructions: using yarn global add, checking status, switching registries, and restarting Gateway. No unrelated services, binaries, or credentials are requested.
Instruction Scope
Instructions are narrowly scoped to installing/upgrading via yarn, verifying installation, and optional restart. They do direct system-level actions (global install, which may require sudo, and restarting gateway) — these are expected for an upgrade but are impactful and should be run with caution.
Install Mechanism
The skill contains no install spec and is instruction-only (lowest installer risk). The recommended yarn global add uses the public npm/yarn ecosystem — no arbitrary download URLs are suggested.
Credentials
No environment variables, credentials, or config paths are requested. The SKILL.md only suggests changing yarn registry (e.g., to registry.npmmirror.com), which is consistent with the stated goal.
Persistence & Privilege
Skill is not forced-always, and does not attempt to persist itself or modify other skills. Autonomous invocation is allowed by default but not combined with other privilege escalations.
Assessment
This skill is coherent with its purpose, but take ordinary precautions before running system-level package installs: 1) Installing a package globally will run the package's install scripts (and scripts of its dependencies) — verify the package source and checksum when possible. 2) Prefer testing the upgrade in a staging environment first and back up configuration. 3) Global installs may require sudo and can change system-wide binaries; consider installing to a non-root environment or using a container if you need isolation. 4) If you switch registries (e.g., registry.npmmirror.com), ensure the mirror is trusted. 5) If network restrictions remain, consider obtaining the package tarball from a trusted mirror or vendor and installing it offline.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk972hrw1v44jw5dqcz7h90pwgn831z9v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

openclaw-upgrade Skill

功能

在无法访问 GitHub 的网络环境下升级 OpenClaw 到最新版本。

适用场景

  • 服务器无法直接访问 GitHub(codeload.github.com 被阻断)
  • npm update 失败,错误信息包含 ECONNRESETgit-remote 相关错误
  • 淘宝镜像、gitclone.com 等镜像站也无法解决 git 依赖问题

触发条件

用户提到:

  • "升级 openclaw"
  • "更新系统"
  • "openclaw 升级失败"
  • "npm update 失败"
  • "网络问题升级"

使用方法

方式一:使用 yarn(推荐)

yarn global add openclaw@latest

方式二:检查升级结果

openclaw status | grep Update
yarn global list --depth=0 | grep openclaw

为什么用 yarn 而不是 npm

问题根源:

  • OpenClaw 的某个依赖包(如 libsignal-node)在 package.json 中直接引用了 GitHub 仓库
  • npm 安装时会尝试从 ssh://git@github.com/https://codeload.github.com/ 下载
  • 国内服务器通常无法稳定访问这些地址

yarn 的优势:

  • yarn 在解析依赖时使用不同的策略
  • yarn 可以从 npm registry 获取已打包的 tarball,不需要直接访问 GitHub
  • yarn 的依赖解析更智能,会优先使用 registry 中的预打包版本

故障排查

如果 yarn 也失败

  1. 检查网络连接:curl -I https://registry.yarnpkg.com
  2. 尝试使用淘宝 yarn 镜像: 
    yarn config set registry https://registry.npmmirror.com
yarn global add openclaw@latest

升级后验证

# 检查版本
openclaw status

# 检查二进制文件
which openclaw

# 重启 Gateway(如果需要)
openclaw gateway restart

注意事项

  • 升级前建议备份当前配置
  • 升级后检查插件是否正常加载
  • 如果有自定义扩展,确认兼容性

案例记录

时间: 2026-03-16 环境: 阿里云 ECS (iZbp11fabmqqfedfdynx3eZ) 问题: npm update 失败 6 次,GitHub 网络不可达 解决: 使用 yarn global add openclaw@latest 成功升级到 2026.3.13

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…