Skill Updater
Audited by ClawScan on May 10, 2026.
Overview
This looks like a legitimate skill updater, but it can persistently change installed agent skills across current and global directories, so updates should be reviewed and constrained.
Use this as a review-before-update tool: run check first, inspect which paths and repositories it plans to change, then update only selected trusted skills. Avoid broad default updates across global directories unless you are comfortable changing future agent behavior in those environments.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An update could fast-forward a broader git repository or installed skill set, changing files and future agent behavior beyond the single skill the user had in mind.
The updater finds the top-level git repository from a skill path and then runs pull on that repository root. If a skill directory is inside a larger project repository, the update can affect more than just the skill folder.
find_git_root(... ["rev-parse", "--show-toplevel"] ...); ... run_git(repo_root, ["pull", "--ff-only", "origin", branch])
Run check-only first, review the reported repo_root and target paths, and restrict updates with --path or per-skill approval before running update.
A mistaken or compromised upstream skill update could affect Claude, Cursor, OpenClaw, and other local agent environments at once.
The default scope spans multiple local and global agent skill directories. Because the same updater writes to all of those locations, a bad or unexpected update can propagate into several agent environments at once.
The default scan scope includes: `.claude`, `.cursor`, `.agents` ... under the current project, the corresponding global directories under the user's home directory ... `~/.openclaw/skills` ... `~/.openclaw/workspace/skills`
Prefer targeted paths, review JSON output before applying updates, and avoid running broad global updates automatically.
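A check-only planner covering the first two findings (a pull at the repository root reaching beyond the skill folder, and updates landing in home-wide agent directories), added here as an example; it is not code from the Skill Updater skill or from ClawScan, and the function names, the global-directory list and the JSON report shape are assumptions modelled on the review's description:

```python
from __future__ import annotations
import json
import subprocess
from pathlib import Path


def default_global_dirs(home: Path) -> list[Path]:
    """Home-wide skill directories named in the review (constructed list;
    the real skill's scope may differ)."""
    return [home / ".claude" / "skills", home / ".cursor" / "skills",
            home / ".agents" / "skills", home / ".openclaw" / "skills",
            home / ".openclaw" / "workspace" / "skills"]


def find_git_root(path: Path) -> Path | None:
    """Locate the top-level repository the same way the review quotes
    (`git rev-parse --show-toplevel`); None if not inside a git repo."""
    try:
        out = subprocess.run(["git", "-C", str(path), "rev-parse", "--show-toplevel"],
                             capture_output=True, text=True, check=True)
    except (subprocess.CalledProcessError, FileNotFoundError):
        return None
    return Path(out.stdout.strip())


def assess_scope(skill_path, repo_root, home, global_dirs=None) -> dict:
    """Pure decision logic (no git), so the plan can be reviewed and tested.
    A `git pull --ff-only` at repo_root rewrites every tracked file under
    repo_root, so if repo_root is a strict ancestor of the skill directory
    the update reaches beyond the one skill. Any skill living under a
    home-wide directory changes that agent environment globally."""
    skill, root, home = Path(skill_path), Path(repo_root), Path(home)
    global_dirs = global_dirs or default_global_dirs(home)
    broader = root != skill and skill.is_relative_to(root)
    touches_global = any(skill.is_relative_to(d) or d.is_relative_to(root)
                         for d in global_dirs)
    return {"skill_path": str(skill), "repo_root": str(root),
            "broader_than_skill": broader, "touches_global_dir": touches_global,
            "action": "review" if (broader or touches_global) else "pull"}


def check_only(skill_paths, home=None) -> str:
    """Check mode: report what an update would touch, without pulling anything."""
    home = Path(home) if home else Path.home()
    report = []
    for p in map(Path, skill_paths):
        root = find_git_root(p)
        report.append({"skill_path": str(p), "error": "not a git repo"} if root is None
                      else assess_scope(p, root, home))
    return json.dumps(report, indent=2)
```

Run `check_only` over the skill paths first and apply `pull` only to entries whose action is not `review`.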
Installing or updating from an untrusted origin can replace local skill instructions or code with whatever that origin now publishes.
The updater intentionally fetches remote git origins and later updates from them. This is expected for a skill updater, but it means upstream repository trust matters.
run_git(repo_root, ["fetch", "--tags", "--prune", "origin"])
Only update skills from repositories you trust, and inspect changed skills before relying on them.
