fnOS OpenClaw Updater

Audited by ClawScan on May 2, 2026.

Overview

This skill transparently documents how to update OpenClaw via npm in its managed install directory, but it does change the local OpenClaw installation and should only be run intentionally.

Use this skill only when you deliberately want to update OpenClaw. Before running it, confirm that OPENCLAW_DATA_DIR points to the correct managed-install location, compare the current and latest versions, and be comfortable with npm installing the selected OpenClaw package.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill can change the local OpenClaw/gateway version and behavior.

Why it was flagged

The skill instructs the agent to run a local npm install command that overwrites the existing OpenClaw package in a persistent managed-install directory.

Skill content

cd "$OPENCLAW_DATA_DIR/openclaw" && npm install openclaw@<最新版本>

Recommendation

Only invoke it when you intend to update OpenClaw; verify the target directory and version first, and consider having a rollback or backup plan.

What this means

If the npm package or registry result is wrong or compromised, the update could install an unintended OpenClaw version.

Why it was flagged

The skill resolves the latest OpenClaw version from npm at run time and installs it; the reviewed artifacts show no lockfile, checksum, signature, or pinned version. This is expected for an updater, but it still relies on npm and package provenance.

Skill content

npm view openclaw version ... npm install openclaw@<最新版本>

Recommendation

Confirm the version you are installing and use trusted npm registry settings; avoid running the update during suspected registry or package compromise.