Skill v1.0.0

ClawScan security

OpenClaw Self-Update · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 3, 2026, 12:11 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are consistent with a simple npm-based updater for OpenClaw; it performs expected actions (check version, npm install -g, restart gateway) and does not request unrelated credentials or hidden network endpoints.
Guidance
This updater appears to do only what it says: check npm, install the latest openclaw package, and restart the gateway. Before running it, verify you trust the npm 'openclaw' package owner and consider running on a test system first. Make sure Node.js/npm and the openclaw CLI are installed and in PATH (the metadata doesn't list these prerequisites). Global npm installs may require sudo and will modify system-wide packages; expect short gateway downtime while restarting. If you need stronger guarantees, inspect the package's npm page, its release notes/CHANGELOG, and verify package integrity (signatures/checksums) before performing the update on production systems.

Review Dimensions

Purpose & Capability
note: The SKILL.md and scripts/update.sh implement exactly what the name/description promise: checking versions, running 'npm install -g openclaw@latest', restarting the gateway, and verifying the version. One minor inconsistency: metadata lists no required binaries, but both the README and the script rely on the 'npm' and 'openclaw' CLIs being present in PATH. This is an omission in metadata, not a functional mismatch.
Instruction Scope
ok: Instructions and the script stay within the updater's scope: they check npm for the latest package, run npm to install, restart the gateway, and show a changelog hint. The script does not read unrelated system files, access other environment variables, or send data to third-party endpoints beyond the normal npm registry.
Install Mechanism
note: There is no separate install spec; the updater uses the system's npm to fetch the package from the npm registry. This is expected for an npm-based update, but it means the operation will fetch and execute code from the public npm registry — verify the package's publisher and integrity before running on production systems.
Credentials
ok: The skill declares no environment variables or credentials and the script does not attempt to read secrets. It does, however, assume privileges to perform a global npm install (may require sudo) and to start/stop the gateway. Those privilege requirements are proportional to updating a globally installed CLI and restarting its service.
Persistence & Privilege
ok: 'always' is false, the skill is user-invocable and does not request persistent presence or modify other skills' configurations. It does restart the OpenClaw gateway as part of its normal operation, which is appropriate for applying updates.