OpenClaw Verified Upgrade

Security checks across malware telemetry and agentic risk

Overview

This skill is a safety checklist for OpenClaw upgrades, with local inspection and backup steps that are disclosed and gated by user approval.

Install only if you want an agent to help with OpenClaw upgrades and you are comfortable with it inspecting local OpenClaw configuration, service status, plugin versions, and logs. Review each confirmation prompt carefully before allowing mutations such as upgrades, restarts, rollback, daemon edits, sudo, cleanup, reinstall, or config changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## Common Failure Modes This Skill Prevents

- Upgrading `which openclaw` while LaunchAgent keeps running a different binary.
- Claiming completion after package install without checking gateway runtime.
- Treating a scheduled restart as a completed restart.
- Assuming old commands/flags work on every OpenClaw version.
- Recommending latest when stable is safer.
Confidence
75% confidence
Finding
without checking

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- Skipping release notes and discovering breaking changes after the system is down.
- Having a backup that was never read back and cannot be restored.
- Retrying a partial upgrade until the original state is lost.
- Rolling back config/version without approval.
- Calling gateway healthy while Feishu, agent routes, models, memory, or plugins are broken.
- Treating the host version as proof of completion while an official plugin has drifted to a newer, incompatible version.
Confidence
75% confidence
Finding
without approval

Self-Modification

High
Category
Rogue Agent
Content
- Status/health/doctor commands.
- Gateway lifecycle commands.
- Config validation/apply commands.
- Update/self-update commands.
- Logs command/location.

For critical commands, record what success means. Example: a restart command may only schedule a restart; it is not proof that the new gateway is running.
Confidence
90% confidence
Finding
self-update

Session Persistence

Medium
Category
Rogue Agent
Content
### 7. Verified Backup Gate

Before any mutation, create a timestamped local backup directory, e.g.:

```text
~/.openclaw/backups/openclaw-upgrade/YYYYMMDD-HHMMSS/
```
Confidence
60% confidence
Finding
create a timestamped local backup directory, e.g.: ```text ~/.openclaw/backups/openclaw-upgrade/YYYYMMDD-HHMMSS/ ``` Minimum backup manifest: - `openclaw.json` or actual config path. - Current CLI

Session Persistence

Medium
Category
Rogue Agent
Content
- Current OpenClaw CLI version and path.
- Package/install source: npm, pnpm, brew, source checkout, bundled binary, unknown.
- Running gateway manager: LaunchAgent, systemd, manual process, OpenClaw-managed, unknown.
- Service command/path from service manager, e.g. LaunchAgent plist or process command line.
- Running process command line and binary path when available.
- Config path used by CLI and service.
- Node/npm/brew versions only if relevant to the detected install method.
Confidence
75% confidence
Finding
plist

VirusTotal

64/64 vendors flagged this skill as clean.
