ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Upgrade Openclaw

v2.0.0

Upgrade OpenClaw and comprehensively discover new features, config options, hooks, and improvements. Use when: user says "upgrade openclaw", "update openclaw...

0· 533·3 current·3 all-time
byDecentraliser🌵@decentraliser
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with required binaries (openclaw, clawhub, curl) and the operations (update, changelog diff, schema/config auditing, hooks, clawhub). The requested tools are appropriate for the stated upgrade/audit purpose.
!
Instruction Scope
SKILL.md instructs the agent to read live gateway config (gateway config.get), schema, local changelog (~/openclaw/CHANGELOG.md), hooks, and run openclaw update and git stash/pop. It mandates presenting every changelog entry and every new config option. It does not instruct redaction of sensitive values and explicitly notes that 'external providers will receive config data' when a remote subagent model is selected—this could expose secrets or sensitive config to third-party models.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing will be written to disk by an installer beyond the skill's own settings/state files. Low install risk.
!
Credentials
The skill declares no required env vars, yet it instructs sending live config data to subagents (which may be external models). There is no guidance or enforcement around API keys, redaction, or limiting what parts of config are shared. This is disproportionate because the skill can exfiltrate sensitive configuration/credentials via model queries without declaring or controlling credential usage.
Persistence & Privilege
The skill persists settings.json and state.json in its directory (expected for tracking upgrades) and runs git stash/pop in the user's openclaw repo as part of the update flow. It does not request always:true or system-wide privileges, but its use of git stash/pop can modify the user's working tree and should be run only with explicit user approval (the SKILL.md does require approval before applying changes).
What to consider before installing
This skill appears to do what it says (upgrade and audit OpenClaw) but has two important risks to weigh before installing: 1) It reads live gateway configuration and changelogs and will present every new config key or changelog entry, which can include secrets (API keys, tokens, credentials). 2) It asks you to choose a subagent model and warns 'external providers will receive config data' — if you pick an external model (Anthropic, Deepseek, etc.), your config could be sent off-platform. Recommendations: review SKILL.md fully; if you must run it, pick a local/on-prem model for subagents or ensure no secrets are present in gateway config; back up ~/openclaw and stash important changes manually before running; inspect and remove/rotate any sensitive values in gateway config or limit the tool to dry-run/audit-only modes; confirm you will approve any apply actions (the skill claims it will not apply without explicit approval). Also note minor metadata mismatches (embedded _meta.json version differs from registry version) — not necessarily malicious but worth checking with the skill author if you rely on provenance.

Like a lobster shell, security has layers — review code before you run it.

latestvk973tqc9v44a26bghdxpdw6hyn82bbde

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🚀 Clawdis
Binsopenclaw, curl, clawhub

Comments