← Back to Skills Marketplace
OpenClaw Update Checker
by
Paul Frederiksen
· GitHub ↗
· v1.1.1
610
Downloads
0
Stars
5
Active Installs
5
Versions
Install in OpenClaw
/install openclaw-update-checker
Description
Check for OpenClaw updates by comparing installed version against the npm registry. Use when: user asks about updates, version status, or 'is openclaw up to...
Usage Guidance
This skill is coherent and low-risk: it only reads two global npm package.json paths and makes a single HTTPS request to the public npm registry. Before installing, note that (1) the checker will only find a globally-installed OpenClaw at the two hard-coded paths — it will not detect project-local installs; (2) the agent invoking the skill needs outbound HTTPS access to registry.npmjs.org; and (3) the script runs as the agent user, so it can only read files that user can access. If you do not want any outbound network calls, do not enable the skill or restrict network access. If you want extra assurance, you can inspect the included script (scripts/check_update.py) yourself — it is small and contains the full behavior.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-update-checker
Version: 1.1.1
The OpenClaw Update Checker skill is benign. Both the `SKILL.md` documentation and the `scripts/check_update.py` code consistently describe and implement a read-only operation. The skill only reads specific `package.json` files at hardcoded paths (`/usr/lib/node_modules/openclaw/package.json`, `/usr/local/lib/node_modules/openclaw/package.json`) and performs a single HTTPS GET request to the public npm registry (`https://registry.npmjs.org/openclaw`). The Python script uses only standard library functions (`pathlib`, `urllib.request`, `json`, `re`) and explicitly avoids subprocess execution, file writing, or any other system modifications. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent.
Capability Assessment
Purpose & Capability
Name/description match the code and instructions: the script reads known global npm package.json locations and queries https://registry.npmjs.org/openclaw to compare versions. No unrelated credentials, binaries, or packages are requested.
Instruction Scope
SKILL.md and the bundled script are specific and limited: they only read two explicit file paths and perform a single HTTPS GET to the npm registry. There are no instructions to read other system files, environment variables, or to transmit data to unexpected endpoints.
Install Mechanism
There is no install spec (instruction-only behavior) and the provided Python script is small and transparent. Nothing is downloaded from third-party URLs or extracted during install.
Credentials
The skill declares no required environment variables or credentials and the code does not access environment variables. It does require outbound HTTPS access to the npm registry, which is proportionate to its purpose.
Persistence & Privilege
The skill does not request permanent presence (always:false), does not modify other skills or system configuration, and is read-only in behavior as claimed.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-update-checker - After installation, invoke the skill by name or use
/openclaw-update-checker - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.1
Fixed SKILL.md to accurately describe implementation: documents package.json file reads and HTTPS request to registry.npmjs.org. Added System Access section.
v1.1.0
Removed all subprocess calls. Reads package.json directly, queries npm registry via stdlib urllib. Zero shell execution.
v1.0.2
Security: removed update/restart instructions from SKILL.md, removed update_command from script output. Skill is now strictly read-only — reports version status only.
v1.0.1
Hardened for VirusTotal: explicit shell=False, specific exception types, return code checks, type hints
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is OpenClaw Update Checker?
Check for OpenClaw updates by comparing installed version against the npm registry. Use when: user asks about updates, version status, or 'is openclaw up to... It is an AI Agent Skill for Claude Code / OpenClaw, with 610 downloads so far.
How do I install OpenClaw Update Checker?
Run "/install openclaw-update-checker" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Update Checker free?
Yes, OpenClaw Update Checker is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenClaw Update Checker support?
OpenClaw Update Checker is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenClaw Update Checker?
It is built and maintained by Paul Frederiksen (@pfrederiksen); the current version is v1.1.1.
More Skills