← Back to Skills Marketplace
2629
Downloads
2
Stars
4
Active Installs
2
Versions
Install in OpenClaw
/install update-plus
Description
Full backup, update, and restore for OpenClaw - config, workspace, and skills with auto-rollback
Usage Guidance
This package appears to do what it says, but it will read and archive user config and workspace files and can upload backups to configured cloud remotes and install a cron job. Before installing or running: 1) Inspect and edit ~/.openclaw/update-plus.json to restrict backup_paths to only the directories you want backed up; 2) keep remote storage disabled until you have configured and verified your rclone remote and understand where backups will be sent; 3) enable GPG encryption if backups include sensitive files and configure GPG_RECIPIENT; 4) run update-plus with --dry-run first to preview actions; 5) be aware it performs git pull on your skills directories (so remote repo changes can be applied automatically) and can create a cron entry — only enable automated updates if you trust your skills' remote origins. If you need higher assurance, review the GitHub repo history/owner (hopyky) before cloning and consider running the scripts in a controlled environment first.
Capability Analysis
Type: OpenClaw Skill
Name: update-plus
Version: 4.0.3
The skill 'update-plus' provides comprehensive backup, update, and restore functionalities, utilizing powerful system commands like `rsync`, `tar`, `gpg`, `rclone`, `git`, package managers (`npm`, `pnpm`, `yarn`, `bun`), and `crontab`. While these capabilities are plausibly needed for its stated purpose (e.g., file system access for backups, network access for updates/cloud sync, cron for scheduled tasks), they represent high-risk operations. Specifically, the installation of a cron job (`bin/lib/cron.sh`) creates a persistence mechanism, and the use of `eval` with `rsync_args` (`bin/lib/backup.sh`) introduces a minor risk, even if driven by user configuration. There is no clear evidence of intentional malicious behavior or prompt injection against the agent, but the broad permissions and high-risk capabilities without explicit malicious intent warrant a 'suspicious' classification.
Capability Assessment
Purpose & Capability
The name/description (backup, update, restore OpenClaw) matches the requested binaries (git, jq, rsync) and the code. Optional behaviors (rclone, gpg, npm/pnpm detection, openclaw CLI integration) are expected for cloud sync, encryption, and updating OpenClaw. There are some leftover legacy/default path fallbacks (clawdbot/clawd) but they do not contradict the stated purpose.
Instruction Scope
SKILL.md and the scripts explicitly operate on user config and workspace directories (~/.openclaw, workspace, skills), create compressed archives, optionally encrypt and upload them, run git fetch/pull to update skills, and can install a cron job. All of this is within the advertised scope, but these actions will read and archive potentially sensitive files (configs/credentials) and will pull and apply code changes from remote git repositories — the user should confirm backup_paths and remote upload settings before running.
Install Mechanism
There is no exotic install mechanism: the SKILL.md instructs cloning from a GitHub repository (https://github.com/hopyky/update-plus.git) and creating a symlink under ~/bin. No downloads from shorteners/personal IPs or automated extract-from-untrusted-URLs are present in the packaged files. The skill itself is distributed as shell scripts which will run when invoked.
Credentials
The skill declares no required environment variables and the scripts get configuration from ~/.openclaw/update-plus.json. Optional settings (GPG recipient, rclone remote, notification target) are sensible for encryption, remote upload, and notifications. It does not request unrelated credentials in the registry metadata; however, the tool will back up any paths you configure — including files containing secrets — so remote-upload credentials (rclone) and GPG recipients must be configured securely if you enable those features.
Persistence & Privilege
always:false (no forced global inclusion). The skill can install a cron job and create a ~/bin symlink (both are user-level persistent changes) and can perform repeated autonomous updates when scheduled. Installing cron jobs and symlinks is consistent with an updater tool, but these are persistent actions the user must approve.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install update-plus - After installation, invoke the skill by name or use
/update-plus - Provide required inputs per the skill's parameter spec and get structured output
Version History
v4.0.3
v4.0.3: Check updates before backup, use curl for connection check
v3.0.0
Renamed to update-plus, moltbot support, connection retry for cron jobs
Metadata
Frequently Asked Questions
What is Update Plus?
Full backup, update, and restore for OpenClaw - config, workspace, and skills with auto-rollback. It is an AI Agent Skill for Claude Code / OpenClaw, with 2629 downloads so far.
How do I install Update Plus?
Run "/install update-plus" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Update Plus free?
Yes, Update Plus is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Update Plus support?
Update Plus is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Update Plus?
It is built and maintained by hopyky (@hopyky); the current version is v4.0.3.
More Skills