OpenClaw Self-Update

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can replace a global OpenClaw install and restart the gateway without a clear confirmation step.

Install it only if you want an agent-accessible shortcut for upgrading OpenClaw. Before running it: confirm the exact version you intend to install rather than accepting whatever "latest" resolves to at that moment; expect a gateway restart and possible downtime; review the OpenClaw npm release source if appropriate; and avoid sudo unless you fully trust the package and environment, since a global npm install runs the package's lifecycle scripts with whatever privileges the install was started with.
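The precautions above, and the "Missing User Warnings" finding further down, can be turned into a wrapper an operator runs instead of an unconditional "update to latest". The script below is an added example, not the skill's own script and not anything shipped by the OpenClaw project. It assumes the package is published on npm as openclaw (an assumption; set OPENCLAW_PKG if the name differs), and it takes the gateway restart command from OPENCLAW_RESTART_CMD, a placeholder introduced here because the page does not say how the gateway is restarted.

```shell
#!/bin/sh
# Added example: a guarded wrapper for upgrading a global OpenClaw install.
# Not the skill's own script. Assumptions (not taken from the page): the npm
# package is named "openclaw", and the operator supplies the gateway restart
# command in OPENCLAW_RESTART_CMD (a placeholder introduced here).
set -eu

PKG="${OPENCLAW_PKG:-openclaw}"   # assumption: npm package name

# Accept only an exact x.y.z[-prerelease] version. Dist-tags such as "latest"
# are rejected so the operator always knows what will be installed.
validate_version() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$'
}

# Refuse uid 0: a global npm install runs the package's lifecycle scripts,
# and under sudo they run as root. The uid is a parameter so the check can
# be exercised without actually being root.
refuse_root() {
  if [ "$1" -eq 0 ]; then
    echo "refusing to run as root; use the user that owns the npm global prefix" >&2
    return 1
  fi
  return 0
}

# Show the planned change and require a typed "yes" on stdin before anything
# is modified. Succeeds only on an explicit yes for a real version change.
confirm_update() {
  current="$1"
  target="$2"
  if [ "$current" = "$target" ]; then
    echo "$PKG is already at $target; nothing to do" >&2
    return 1
  fi
  echo "planned change: $PKG $current -> $target (the gateway will be restarted)"
  printf 'type "yes" to proceed: '
  read -r answer || answer=""
  [ "$answer" = "yes" ]
}

# Installed global version, or "none". `npm ls --parseable --long` prints one
# "path:name@version" line per package.
installed_version() {
  v="$(npm ls -g "$PKG" --depth=0 --parseable --long 2>/dev/null \
        | sed -n "s|.*:$PKG@||p" | head -n 1)"
  printf '%s\n' "${v:-none}"
}

main() {
  target="${1:-}"
  validate_version "$target" || { echo "usage: $0 <exact-version>" >&2; exit 2; }
  refuse_root "$(id -u)"
  # Confirm the version really exists on the registry before touching anything.
  if [ "$(npm view "$PKG@$target" version 2>/dev/null)" != "$target" ]; then
    echo "$PKG@$target is not published on the registry" >&2
    exit 1
  fi
  confirm_update "$(installed_version)" "$target"
  npm install -g "$PKG@$target"        # no sudo: see refuse_root
  if [ -n "${OPENCLAW_RESTART_CMD:-}" ]; then
    sh -c "$OPENCLAW_RESTART_CMD"
  else
    echo "installed $PKG@$target; restart the gateway to pick it up" >&2
  fi
}

# Only act when a version is given, e.g.: ./safe-update.sh 1.2.3
if [ $# -gt 0 ]; then
  main "$@"
fi
```

Invoked with no arguments the script does nothing, so an agent cannot trigger an upgrade from a bare "update yourself"; it has to supply an exact version, and the install still waits for a human to type "yes". If the package's postinstall scripts are a concern, `npm install --ignore-scripts` can be added to the install line at the cost of skipping any build step the package legitimately needs.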

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding: The skill instructs users to perform a system-wide package update and restart a running gateway service, but it does not warn about operational disruption, compatibility changes, or the trust implications of pulling and executing the latest package from a registry. In an agent skill context, this can trigger impactful host-level changes from a natural-language request like 'update yourself,' making accidental or unsafe execution more likely.

Self-Modification
Severity: High
Category: Rogue Agent
Confidence: 94%
Content:

    #!/bin/bash
    # OpenClaw Self-Update Script
    # Updates OpenClaw to the latest version via npm

    set -e

Finding: Self-Update

VirusTotal

42/42 vendors flagged this skill as clean.