Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openclaw Plugin Upgrade
v1.0.0OpenClaw 插件升级助手。当用户说「升级 qqbot 插件」「更新 openclaw-qqbot」「qqbot 更新」「帮我升级插件」「升级 openclaw 插件」等相关语句时激活。支持通用 openclaw 插件(任意 npm 包)升级,以及 QQ 机器人插件(@tencent-connect/open...
⭐ 0· 64·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name/description match the included script's behavior (detecting OpenClaw CLI, backing up plugin dirs, installing/updating packages, validating files, and restarting gateway). One mismatch: package metadata declares no required binaries, but the script requires 'node' and an OpenClaw CLI binary (openclaw|clawdbot|moltbot) to function — these are necessary for the stated purpose and should be declared.
Instruction Scope
SKILL.md and the script limit actions to plugin-related tasks: locating extensions/config, creating a temporary config copy to bypass 3.23+ validation, running plugins update/install, validating package.json and specified files, optionally running a plugin postinstall script, and restarting the gateway. The script reads and writes OpenClaw config and plugin directories (appropriate for an upgrader) and does not send data to external endpoints beyond normal npm/CLI network operations.
Install Mechanism
This is an instruction-only skill with a bundled shell script; there is no install spec that downloads external code. The provided script will be executed by the agent. No remote arbitrary-code download URLs were observed.
Credentials
The skill requests no environment variables or credentials in metadata (none required), and the script only uses standard filesystem locations (HOME, CLI data directory) and sets a temporary OPENCLAW_CONFIG_PATH at runtime. This is proportionate, but the script implicitly requires 'node' and the OpenClaw CLI on PATH — the metadata should list these as required binaries. The script also performs deletions (rm -rf) for legacy dirs and moves backups, which is expected but destructive if pointed at the wrong path.
Persistence & Privilege
The skill is user-invocable and not marked 'always'. It does not attempt to persist itself, modify other skills, or change global agent configuration beyond using a temporary OPENCLAW_CONFIG_PATH during execution. Autonomous invocation is allowed by platform default, but that is not unique to this skill.
Assessment
This skill appears to do exactly what it says: upgrade OpenClaw plugins by invoking the local OpenClaw CLI, manipulating plugin directories, validating files, and restarting the gateway. Before installing/using it: 1) Verify you trust the source — the script runs as shell and will modify/delete plugin directories and config files. 2) Ensure 'node' and the appropriate OpenClaw CLI (openclaw/clawdbot/moltbot) are available on PATH — the metadata currently doesn't declare these requirements. 3) Back up your OpenClaw data (or test in a staging environment) because the script performs mv/rm operations and can restart the gateway. 4) If you plan to let the agent run this autonomously, be aware it will execute shell commands on the host and perform destructive actions; prefer manual invocation unless you fully trust the skill and environment. 5) If anything about the source or intended npm package is untrusted, inspect the package contents and the script's output before allowing installation.Like a lobster shell, security has layers — review code before you run it.
latestvk970dprq8hfd8k49rpf2vgvne983qw4p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.