Ollama Updater

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.destructive_delete_command

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the installer can remove the existing Ollama installation directory and replace it with a newly downloaded version.

Why it was flagged

The updater deletes the existing Ollama library directory before installing the new version. This is scoped and consistent with an updater, but it is still a destructive system command.

Skill content

    status "Cleaning up old version at $OLLAMA_INSTALL_DIR/lib/ollama"
    $SUDO rm -rf "$OLLAMA_INSTALL_DIR/lib/ollama"

Recommendation

Run it only when you intend to update or reinstall Ollama, and back up any local modifications under the Ollama install directory first.

What this means

The installer can change system users/groups and may require administrator approval.

Why it was flagged

The script uses sudo to create an ollama system user and modify local group membership. This is expected for a system service installer, but it changes local account permissions.

Skill content

    $SUDO useradd -r -s /bin/false -U -m -d /usr/share/ollama ollama
    ...
    $SUDO usermod -a -G ollama $(whoami)

Recommendation

Review the script and run it with sudo only if you trust the skill and want system-wide Ollama installation.

What this means

If the remote repository or branch content changes unexpectedly, a user following the manual instructions could run different privileged code than the reviewed artifact.

Why it was flagged

The optional manual install path downloads a script from an unpinned GitHub main-branch URL and then runs it with sudo. This is disclosed and user-directed, but it relies on remote source integrity at install time.

Skill content

    curl -fsSL https://raw.githubusercontent.com/openclaw/skills/main/ollama-updater/ollama-install.sh -o ollama-install.sh
    ...
    sudo ./ollama-install.sh

Recommendation

Prefer the packaged/reviewed script or a pinned release/tag, and inspect the downloaded script before running it with sudo.

What this means

The user is trusting the remote Ollama download endpoint and the installer to place executable files on the system.

Why it was flagged

The installer downloads Ollama binaries from the provider and extracts them into a system install directory with elevated privileges. This is central to the installer purpose, but it is high-trust execution of remote software.

Skill content

    download_and_extract "https://ollama.com/download" "$OLLAMA_INSTALL_DIR" "ollama-linux-${ARCH}"
    ...
    zstd -d -c "$TEMP_DIR/download.tar.zst" | $SUDO tar -xf - -C "${dest_dir}"

Recommendation

Use trusted networks and official sources; verify checksums or signatures if Ollama provides them.

What this means

Ollama may continue running in the background and start on boot after installation.

Why it was flagged

The script installs a persistent systemd service that restarts automatically and is enabled on boot. This is normal for Ollama service setup, but it persists after the skill run completes.

Skill content

    cat <<EOF | $SUDO tee /etc/systemd/system/ollama.service >/dev/null
    ...
    Restart=always
    ...
    $SUDO systemctl enable ollama

Recommendation

If you do not want a persistent service, disable or stop it after installation with systemctl.

Findings (1)

warn: suspicious.destructive_delete_command

Location: INSTALL.md:281

Finding: Documentation contains a destructive delete command without an explicit confirmation gate.