Openclaw Autoupdate

Warn
Audited by ClawScan on May 10, 2026.

Overview

The skill appears intended to update OpenClaw, but it can silently replace the installed app/CLI and restart the gateway using unverified network downloads and under-disclosed system-level commands.

Install or run this only if you trust the publisher and the OpenClaw upstream release channels. Review the shell script first, run it manually rather than letting an agent invoke it silently, and be aware it can remove/reinstall the OpenClaw app, install a global npm package, and restart the gateway.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked, the skill can change or break the local OpenClaw installation and gateway service, not just check for updates.

Why it was flagged

The script performs system-level update actions, including deleting/replacing the app, globally installing the CLI, and restarting the gateway, with no confirmation, dry-run, rollback, or validation before removing the existing app.

Skill content

curl -L -o "$DMG_PATH" "$DMG_URL" ... rm -rf /Applications/OpenClaw.app ... cp -R "/Volumes/OpenClaw/OpenClaw.app" /Applications/ ... npm install -g openclaw@latest ... openclaw gateway restart

Recommendation

Only allow this to run after explicit user approval; add a dry-run, version confirmation, backup/rollback path, and validate the downloaded app before deleting the existing one.

What this means

A compromised or unexpected upstream release/package could be installed directly into the user's OpenClaw environment.

Why it was flagged

The script installs whatever is latest from GitHub and npm at runtime, without artifact checksum verification, signature verification, or version pinning.

Skill content

LATEST_GITHUB=$(curl -sL "https://api.github.com/repos/openclaw/openclaw/releases/latest" ...); curl -L -o "$DMG_PATH" "$DMG_URL"; npm install -g openclaw@latest

Recommendation

Use signed releases or published checksums, verify the DMG and npm package before installation, and show the exact version/source to the user before proceeding.

What this means

Users may approve the skill believing it has a narrower and safer operating scope than the script actually uses.

Why it was flagged

The documentation claims the skill only uses a limited set of safe commands, but the included script also downloads a DMG, attaches it, removes /Applications/OpenClaw.app, copies a new app into /Applications, and restarts the gateway.

Skill content

**This skill only uses the following safe commands:** ... `openclaw gateway status` ... `npm install -g openclaw` ... `openclaw gateway start` ... pure file read/write operations

Recommendation

Update the documentation to list all high-impact commands and protected-path changes, and avoid framing them as merely safe file reads/writes.

What this means

Running it may require administrator or global package privileges and can affect the system-wide OpenClaw installation.

Why it was flagged

The script itself notes sudo may be needed and performs writes to /Applications plus a global npm install, which are privileged/system-wide actions. This is purpose-aligned for an updater but should be clearly declared.

Skill content

# 4. Update Menu Bar App (requires sudo) ... rm -rf /Applications/OpenClaw.app ... cp -R "/Volumes/OpenClaw/OpenClaw.app" /Applications/ ... npm install -g openclaw@latest

Recommendation

Declare required privileges, OS, and binaries in metadata, and instruct users to run the updater manually in a trusted terminal.