📦 OpenClaw Self-Update — 技能工具
v1.0.0Update OpenClaw to the latest version. Use when asked to "update yourself", "upgrade openclaw", "check for updates", or "update to latest version". Handles n...
0· 364·1 当前·1 累计
by 安全扫描
OpenClaw
安全
high confidenceThe skill's files and runtime instructions are consistent with a simple npm-based updater for OpenClaw; it performs expected actions (check version, npm install -g, restart gateway) and does not request unrelated credentials or hidden network endpoints.
评估建议
This updater appears to do only what it says: check npm, install the latest openclaw package, and restart the gateway. Before running it, verify you trust the npm 'openclaw' package owner and consider running on a test system first. Make sure Node.js/npm and the openclaw CLI are installed and in PATH (the metadata doesn't list these prerequisites). Global npm installs may require sudo and will modify system-wide packages; expect short gateway downtime while restarting. If you need stronger guara...详细分析 ▾
ℹ 用途与能力
The SKILL.md and scripts/update.sh implement exactly what the name/description promise: checking versions, running 'npm install -g openclaw@latest', restarting the gateway, and verifying the version. One minor inconsistency: metadata lists no required binaries, but both the README and the script rely on the 'npm' and 'openclaw' CLIs being present in PATH. This is an omission in metadata, not a functional mismatch.
✓ 指令范围
Instructions and the script stay within the updater's scope: they check npm for the latest package, run npm to install, restart the gateway, and show a changelog hint. The script does not read unrelated system files, access other environment variables, or send data to third-party endpoints beyond the normal npm registry.
ℹ 安装机制
There is no separate install spec; the updater uses the system's npm to fetch the package from the npm registry. This is expected for an npm-based update, but it means the operation will fetch and execute code from the public npm registry — verify the package's publisher and integrity before running on production systems.
✓ 凭证需求
The skill declares no environment variables or credentials and the script does not attempt to read secrets. It does, however, assume privileges to perform a global npm install (may require sudo) and to start/stop the gateway. Those privilege requirements are proportional to updating a globally installed CLI and restarting its service.
✓ 持久化与权限
always is false, the skill is user-invocable and does not request persistent presence or modify other skills' configurations. It does restart the OpenClaw gateway as part of its normal operation, which is appropriate for applying updates.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/3
Initial release: Auto-update OpenClaw via npm with version check, gateway restart, and verification
● 可疑
安装命令
点击复制官方npx clawhub@latest install openclaw-self-update
镜像加速npx clawhub@latest install openclaw-self-update --registry https://cn.longxiaskill.com
技能文档
Update OpenClaw to the latest version via npm.
Quick Update
# Check versions openclaw --version # Current npm show openclaw version # Latest# Update npm install -g openclaw@latest
# Restart gateway openclaw gateway restart
# Verify openclaw --version
Script
For automated updates with version checking:
bash {baseDir}/scripts/update.sh
The script will:
- Check if update is available
- Install latest version via npm
- Restart the gateway
- Show changelog summary
Manual Steps
If the script fails:
# 1. Stop gateway openclaw gateway stop# 2. Update npm package npm install -g openclaw@latest
# 3. Start gateway openclaw gateway start
# 4. Verify openclaw --version
Troubleshooting
| Issue | Solution |
|---|---|
| Permission denied | Use sudo npm install -g openclaw@latest |
| Gateway won't restart | Run openclaw gateway stop then openclaw gateway start |
| npm not found | Ensure Node.js is installed and in PATH |
Notes
openclaw updateonly works for git installs- npm installs require
npm install -g openclaw@latest - Always restart gateway after update for changes to take effect