ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Safe Update/Merge

v1.3.0

Safely merge upstream OpenClaw updates without destroying plugin/skill injections, custom UI tabs, or workspace features. Two-phase: Phase 1 (automated) merg...

0· 577·3 current·3 all-time
by@maverick-software
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the actual files and requirements. The skill needs git and REPO_DIR (expected). Optional tools (claude CLI, python3, systemctl) are directly justified in SKILL.md: claude for auto-resolve, python3 for preflight report, systemctl to restart the gateway. The manifest and protected-file list align with preserving custom UI/plugins during merges.
Instruction Scope
Instructions perform repository operations (fetch, worktree dry-run, merges), builds (npm/pnpm), an in-place restart of the gateway (systemctl --user restart openclaw-gateway), and optional conflict resolution via the claude CLI. All of these are within the merger/updater scope, but they are high-impact: building may run install scripts and network downloads, restarting the gateway affects live service, and using the claude CLI sends redacted file content to an external service. The skill documents a redaction step and asserts the model is invoked with limited tools, but redaction is pattern-based and may miss secrets; the redaction map is written to a temp file (mode-700) and deleted after restoration — this reduces risk but does not eliminate it. Overall scope is coherent but warrants caution.
Install Mechanism
No install spec — the skill is instruction-and-script based and does not download arbitrary binaries at install time. All provided scripts and source files are bundled with the skill (no external URL downloads or extract steps described). This is the lower-risk model for install mechanisms.
Credentials
Only REPO_DIR is required; other env vars (UPSTREAM_REMOTE, TARGET_REMOTE, TARGET_BRANCH, PACKAGE_MGR) are optional and expected. ANTHROPIC_API_KEY is optional and only needed for automated conflict resolution via the claude CLI; if set it is used locally by the claude CLI to contact the vendor. No unrelated credentials are requested. However: using the Anthropic CLI means redacted repository content (and thereby potentially sensitive snippets) will be transmitted to an external model — redaction mitigates but may not guarantee removal of every secret. Also the script may exercise git push (which uses your existing SSH/HTTP credentials) and systemctl (which affects user services).
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform-wide privileges. It does, however, perform actions with meaningful side effects when run: restarts openclaw-gateway, may force-push to a remote branch during --promote, and deletes temporary branches. Those are intentional for the skill's purpose but are high impact — users must explicitly run the promotion step. The skill does not modify other skills or system configurations beyond restarting the service and manipulating git branches.
Assessment
This skill appears to do what it says, but it performs high-impact operations. Before running: - Run the provided dry-run/preflight (scripts/preflight.sh / --dry-run) first and inspect /tmp/safe-merge/preflight-report.json. - Backup your repo (or create a clone) and ensure you can recover if the force-push or branch deletion is misapplied. - Inspect scripts/safe-merge-update.sh and scripts/redact-secrets.sh locally to confirm behavior (the repo contains these scripts). Don't run them as root; run them as your normal user. - If you do not want any external model involvement, do not set ANTHROPIC_API_KEY and run with --no-auto-resolve; resolve conflicts manually with --resume. - Be aware that building (npm/pnpm install) can run package install scripts and pull from the network — run in a safe environment first. - The redaction step is pattern-based and stores a temporary redaction map on disk (mode-700) briefly; treat that as sensitive data and verify it is removed after runs. - Confirm TARGET_REMOTE/TARGET_BRANCH point to the intended fork/branch before using --promote to avoid accidental force-push. If you want greater assurance, run the merge process in a disposable environment or CI runner first and audit the scripts' full contents (particularly safe-merge-update.sh) before using the automatic conflict resolution option.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a5xjwtbpe154msjbzf6011s8265gy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔄 Clawdis
Binsgit
EnvREPO_DIR

Comments