OpenClaw Self-Update
v1.0.0Update OpenClaw to the latest version. Use when asked to "update yourself", "upgrade openclaw", "check for updates", or "update to latest version". Handles n...
⭐ 0· 415·1 current·1 all-time
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The SKILL.md and scripts/update.sh implement exactly what the name/description promise: checking versions, running 'npm install -g openclaw@latest', restarting the gateway, and verifying the version. One minor inconsistency: metadata lists no required binaries, but both the README and the script rely on the 'npm' and 'openclaw' CLIs being present in PATH. This is an omission in metadata, not a functional mismatch.
Instruction Scope
Instructions and the script stay within the updater's scope: they check npm for the latest package, run npm to install, restart the gateway, and show a changelog hint. The script does not read unrelated system files, access other environment variables, or send data to third-party endpoints beyond the normal npm registry.
Install Mechanism
There is no separate install spec; the updater uses the system's npm to fetch the package from the npm registry. This is expected for an npm-based update, but it means the operation will fetch and execute code from the public npm registry — verify the package's publisher and integrity before running on production systems.
Credentials
The skill declares no environment variables or credentials and the script does not attempt to read secrets. It does, however, assume privileges to perform a global npm install (may require sudo) and to start/stop the gateway. Those privilege requirements are proportional to updating a globally installed CLI and restarting its service.
Persistence & Privilege
always is false, the skill is user-invocable and does not request persistent presence or modify other skills' configurations. It does restart the OpenClaw gateway as part of its normal operation, which is appropriate for applying updates.
Assessment
This updater appears to do only what it says: check npm, install the latest openclaw package, and restart the gateway. Before running it, verify you trust the npm 'openclaw' package owner and consider running on a test system first. Make sure Node.js/npm and the openclaw CLI are installed and in PATH (the metadata doesn't list these prerequisites). Global npm installs may require sudo and will modify system-wide packages; expect short gateway downtime while restarting. If you need stronger guarantees, inspect the package's npm page, its release notes/CHANGELOG, and verify package integrity (signatures/checksums) before performing the update on production systems.Like a lobster shell, security has layers — review code before you run it.
latest
OpenClaw Self-Update
Update OpenClaw to the latest version via npm.
Quick Update
# Check versions
openclaw --version # Current
npm show openclaw version # Latest
# Update
npm install -g openclaw@latest
# Restart gateway
openclaw gateway restart
# Verify
openclaw --version
Script
For automated updates with version checking:
bash {baseDir}/scripts/update.sh
The script will:
- Check if update is available
- Install latest version via npm
- Restart the gateway
- Show changelog summary
Manual Steps
If the script fails:
# 1. Stop gateway
openclaw gateway stop
# 2. Update npm package
npm install -g openclaw@latest
# 3. Start gateway
openclaw gateway start
# 4. Verify
openclaw --version
Troubleshooting
| Issue | Solution |
|---|---|
| Permission denied | Use sudo npm install -g openclaw@latest |
| Gateway won't restart | Run openclaw gateway stop then openclaw gateway start |
| npm not found | Ensure Node.js is installed and in PATH |
Notes
openclaw updateonly works for git installs- npm installs require
npm install -g openclaw@latest - Always restart gateway after update for changes to take effect
Comments
Loading comments...