ClawHub

Oc Self Update

v1.0.2

Check for OpenClaw updates and self-update the installation. Use when the user asks to update OpenClaw, check for updates, upgrade the bot, install a new ver...

0· 318·1 current·1 all-time
by𝑠𝑝𝑖𝑑𝑒𝑦@spideystreet
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actions: checking npm and installing openclaw@<channel>. The only minor gaps: the skill metadata/source/homepage are missing (source: unknown, homepage: none) and SKILL.md references a "user-configured" channel without showing where that config is stored. These are usability/documentation issues, not evidence of misbehavior.
Instruction Scope
Instructions are limited to running the included check_update.sh (which calls npm list/npm show) and then running npm install -g openclaw@<channel> after user confirmation. The SKILL.md explicitly requires confirmation before updating and tells the agent not to restart automatically. The script does not read unrelated files or environment variables.
Install Mechanism
There is no install spec (instruction-only) and the provided script is small and readable. The update mechanism uses npm install -g, which is expected for an npm-distributed package but does execute package install scripts from the npm registry — normal for this use case but something to be aware of.
Credentials
The skill requires only the npm binary and declares no environment variables, credentials, or config paths. That is proportionate to a tool that checks and installs an npm package.
Persistence & Privilege
always is false and the skill does not request persistent/global agent privileges. It does not modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) but not by itself a red flag here.
Assessment
This skill is coherent for updating an npm package, but before installing consider: (1) the package's source/homepage is not provided here — confirm you trust the openclaw npm package and publisher; (2) npm install -g may require elevated privileges (sudo) and will run any install scripts published with the package — only proceed if you trust the registry package; (3) the skill expects a "configured channel" but doesn't show where it's stored — be prepared to ask the agent which channel to use; (4) the included check script is small and readable, but network or npm registry failures will make it report errors; (5) require explicit user confirmation before performing updates (the SKILL.md already instructs this). If you need stronger assurance, verify the openclaw package page on the npm registry and its maintainer before allowing updates.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsnpm
latestvk97d04tdyym5msk5cc9cf5qea982ary8
318downloads
0stars
4versions
Updated 1mo ago
v1.0.2
MIT-0
𝑠𝑝𝑖𝑑𝑒𝑦@spideystreet
latest
Download

OpenClaw Self-Update

OpenClaw is distributed as an npm package. Version scheme: YYYY.M.D (date-based).

Workflow

1. Check for updates

Run the check script:

{ "tool": "exec", "command": "bash {baseDir}/scripts/check_update.sh" }

Report the result to the user clearly:

  • If already up to date: say so and show current version
  • If an update is available: show current vs latest and ask for confirmation before updating

2. Apply update

Only run after user confirms. Use the channel the user configured (default: latest):

{ "tool": "exec", "command": "npm install -g openclaw@latest" }
ChannelCommand
Stable (default)npm install -g openclaw@latest
Betanpm install -g openclaw@beta
Devnpm install -g openclaw@dev

3. Confirm result

After a successful install, inform the user that a gateway restart is required for changes to take effect. Do not restart automatically — tell the user to run openclaw restart or stop/start the daemon.

✅ OpenClaw updated: {old_version} → {new_version}
⚠️ Restart the gateway: openclaw restart

4. Error handling

  • If check_update.sh fails → report the error, suggest checking network or npm config
  • If npm install fails → report the error as-is, do not retry without user input
  • If the user asks for a channel that doesn't exist → show the channel table and ask again

Examples

User saysAction
"Check for updates"Run check script, report current vs latest
"Update openclaw"Run check script, if update available ask confirmation, then install
"Switch to beta channel"Install openclaw@beta, remind to restart
"What version am I on?"Run check script, report current version

Comments

Loading comments...