ClawHub

OpenClaw Update Checker

v1.1.1

Check for OpenClaw updates by comparing installed version against the npm registry. Use when: user asks about updates, version status, or 'is openclaw up to...

0· 564·5 current·5 all-time
byPaul Frederiksen@pfrederiksen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the code and instructions: the script reads known global npm package.json locations and queries https://registry.npmjs.org/openclaw to compare versions. No unrelated credentials, binaries, or packages are requested.
Instruction Scope
SKILL.md and the bundled script are specific and limited: they only read two explicit file paths and perform a single HTTPS GET to the npm registry. There are no instructions to read other system files, environment variables, or to transmit data to unexpected endpoints.
Install Mechanism
There is no install spec (instruction-only behavior) and the provided Python script is small and transparent. Nothing is downloaded from third-party URLs or extracted during install.
Credentials
The skill declares no required environment variables or credentials and the code does not access environment variables. It does require outbound HTTPS access to the npm registry, which is proportionate to its purpose.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills or system configuration, and is read-only in behavior as claimed.
Assessment
This skill is coherent and low-risk: it only reads two global npm package.json paths and makes a single HTTPS request to the public npm registry. Before installing, note that (1) the checker will only find a globally-installed OpenClaw at the two hard-coded paths — it will not detect project-local installs; (2) the agent invoking the skill needs outbound HTTPS access to registry.npmjs.org; and (3) the script runs as the agent user, so it can only read files that user can access. If you do not want any outbound network calls, do not enable the skill or restrict network access. If you want extra assurance, you can inspect the included script (scripts/check_update.py) yourself — it is small and contains the full behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk977vy6t1gt2pyem3gefxajqh981j6fp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments