← Back to Skills Marketplace

safe-update

Name: safe-update
Author: hacksing

by AIWareTop · GitHub ↗ · v1.0.6

cross-platform ✓ Security Clean

636

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install safe-update

Description

Update OpenClaw from source code. Supports custom project path and branch. Includes pulling latest branch, rebasing, building and installing, restarting serv...

Usage Guidance

This skill appears to do what it says, but review and take precautions before running it: 1) Run with DRY_RUN=true first to see planned actions. 2) Verify the upstream remote (https://github.com/openclaw/openclaw.git) is the correct/trusted repository. 3) Back up ~/.openclaw (script does this) and ensure you have commits/stashes for local changes. 4) Note that 'npm i -g .' may require sudo and will install globally; consider running in a controlled environment. 5) The SKILL.md mentions rebase/force-push workflows and a daemon reinstall step that the script does not perform — if you need rebase behavior, inspect/modify the script accordingly. 6) If you are not comfortable with the commands, run the script step-by-step manually rather than allowing an automated run.

Capability Analysis

Type: OpenClaw Skill Name: safe-update Version: 1.0.6 The skill bundle is designed to update OpenClaw from source, performing legitimate actions like git pulls, npm builds, and service restarts. Crucially, the `scripts/update.sh` file includes a `validate_branch` function that effectively sanitizes user-provided branch names, preventing shell injection vulnerabilities. The `SKILL.md` also explicitly instructs the AI agent to seek user confirmation before executing critical steps, reinforcing safety. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent. All actions are aligned with the stated purpose and include appropriate safeguards.

Capability Assessment

ℹ Purpose & Capability

The skill's name/description align with the included script and SKILL.md: it updates OpenClaw from source, backups config, fetches upstream (GitHub), builds, installs globally, and restarts the gateway. Minor inconsistencies: SKILL.md warns about 'git rebase' and 'git push --force' while the provided script uses 'git merge' (no force-push). SKILL.md also mentions 'openclaw daemon install --force' in one section although the script does not run that command. These are likely documentation/script drift rather than malicious behavior.

ℹ Instruction Scope

Instructions and script operate on the project directory and user config (~/.openclaw), check git state, build with npm, and restart the per-user systemd service — all expected for an updater. They do not access unrelated system areas or exfiltrate data. The script will copy local config files to ~/.openclaw/backups and may require elevated privileges for global npm install; it prompts the user before destructive steps. The documentation suggests rebase/force-push workflows that are not implemented in the script, so behavior should be reviewed before running if you expect rebase semantics.

✓ Install Mechanism

This is an instruction-only skill with an included shell script; there is no installer that downloads arbitrary executables from untrusted URLs. The only external network operation is a git fetch from the GitHub repository upstream, which is expected for a source update.

✓ Credentials

No secret or credential environment variables are required. Optional vars (OPENCLAW_PROJECT_DIR, OPENCLAW_BRANCH, DRY_RUN) are appropriate for configuring the updater. The script reads/writes only user-local config under $HOME and uses system commands (git, npm, node, systemctl) appropriate to the task.

✓ Persistence & Privilege

Skill does not request persistent privileges or 'always' inclusion. It restarts the per-user openclaw service (systemctl --user restart) as expected for applying an update. It does not modify other skills or system-wide settings beyond reinstalling/updating the OpenClaw service.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install safe-update
After installation, invoke the skill by name or use /safe-update
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.6

Version 1.0.6 - Documentation: SKILL.md is now fully translated to English for broader accessibility. - No functional or file changes; workflow and usage remain the same. - All technical instructions, usage notes, and troubleshooting steps are now presented in English.

v1.0.5

- Now supports both merge and rebase update modes; recommends strategy based on project state. - Analyzes git status before updating and prompts user to confirm approach. - Replaces default merge with interactive choice; includes safer rebase and force-push workflows. - Prompts for manual gateway restart after update (was automatic before). - Adds systemd service reinstall step to update version numbers. - Improves clarity of workflow and command-line options in documentation.

v1.0.4

Version 1.0.4 of safe-update - No file changes detected in this release. - All features, workflow, and instructions remain the same.

v1.0.3

safe-update 1.0.3 - Switched default update method from rebase and forced push to merge, reducing risk of overwriting changes. - Clarified that script does not auto-push; user must push manually after merging. - Updated warnings and notes to highlight merge-related conflict handling. - Updated command triggers and descriptions to reference "merge" instead of "rebase." - Troubleshooting section now includes merge-specific conflict resolution steps.

v1.0.2

- Clarified default project path and common branch formats in environment variable documentation. - No changes made to core functionality or scripts. - Documentation update only; no file changes detected.

v1.0.1

- Added support for custom project path and branch via environment variables or command-line arguments. - Improved documentation with detailed configuration, warnings, and troubleshooting sections. - Enhanced pre-run checklist to emphasize backup and committed changes. - Script workflow now supports dry-run mode for safe preview. - Expanded usage examples and command-line options for greater flexibility.

v1.0.0

Safe-update skill provides a comprehensive update workflow for OpenClaw: - Automates pulling latest main branch, rebasing feature branch, building, installing, and restarting the gateway service. - Backs up key configuration and authentication files before updating. - Shows a changelog and friendly git commit summary for transparency. - Verifies the update by checking config migration and gateway health. - Can be triggered via user request to update, sync source, rebase, or rebuild OpenClaw.

Metadata

Slug safe-update

Version 1.0.6

License —

All-time Installs 1

Active Installs 1

Total Versions 7

Frequently Asked Questions

What is safe-update?

Update OpenClaw from source code. Supports custom project path and branch. Includes pulling latest branch, rebasing, building and installing, restarting serv... It is an AI Agent Skill for Claude Code / OpenClaw, with 636 downloads so far.

How do I install safe-update?

Run "/install safe-update" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is safe-update free?

Yes, safe-update is completely free (open-source). You can download, install and use it at no cost.

Which platforms does safe-update support?

safe-update is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created safe-update?

It is built and maintained by AIWareTop (@hacksing); the current version is v1.0.6.

More Skills