← Back to Skills Marketplace
Upgrade Openclaw
by
Decentraliser🌵
· GitHub ↗
· v2.0.0
592
Downloads
0
Stars
3
Active Installs
4
Versions
Install in OpenClaw
/install upgrade-openclaw
Description
Upgrade OpenClaw and comprehensively discover new features, config options, hooks, and improvements. Use when: user says "upgrade openclaw", "update openclaw...
Usage Guidance
This skill appears to do what it says (upgrade and audit OpenClaw) but has two important risks to weigh before installing: 1) It reads live gateway configuration and changelogs and will present every new config key or changelog entry, which can include secrets (API keys, tokens, credentials). 2) It asks you to choose a subagent model and warns 'external providers will receive config data' — if you pick an external model (Anthropic, Deepseek, etc.), your config could be sent off-platform. Recommendations: review SKILL.md fully; if you must run it, pick a local/on-prem model for subagents or ensure no secrets are present in gateway config; back up ~/openclaw and stash important changes manually before running; inspect and remove/rotate any sensitive values in gateway config or limit the tool to dry-run/audit-only modes; confirm you will approve any apply actions (the skill claims it will not apply without explicit approval). Also note minor metadata mismatches (embedded _meta.json version differs from registry version) — not necessarily malicious but worth checking with the skill author if you rely on provenance.
Capability Analysis
Type: OpenClaw Skill
Name: upgrade-openclaw
Version: 2.0.0
The skill performs system-level upgrades and configuration audits, which involves reading the full application configuration and potentially sending it to external LLM providers for 'gap analysis'. While the skill is transparent about this behavior in SKILL.md and requires user approval before applying changes, the broad access to system settings and the practice of passing potentially sensitive configuration data to external APIs presents a significant risk of data exposure. Files involved: SKILL.md, settings.json.
Capability Assessment
Purpose & Capability
Name/description align with required binaries (openclaw, clawhub, curl) and the operations (update, changelog diff, schema/config auditing, hooks, clawhub). The requested tools are appropriate for the stated upgrade/audit purpose.
Instruction Scope
SKILL.md instructs the agent to read live gateway config (gateway config.get), schema, local changelog (~/openclaw/CHANGELOG.md), hooks, and run openclaw update and git stash/pop. It mandates presenting every changelog entry and every new config option. It does not instruct redaction of sensitive values and explicitly notes that 'external providers will receive config data' when a remote subagent model is selected—this could expose secrets or sensitive config to third-party models.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing will be written to disk by an installer beyond the skill's own settings/state files. Low install risk.
Credentials
The skill declares no required env vars, yet it instructs sending live config data to subagents (which may be external models). There is no guidance or enforcement around API keys, redaction, or limiting what parts of config are shared. This is disproportionate because the skill can exfiltrate sensitive configuration/credentials via model queries without declaring or controlling credential usage.
Persistence & Privilege
The skill persists settings.json and state.json in its directory (expected for tracking upgrades) and runs git stash/pop in the user's openclaw repo as part of the update flow. It does not request always:true or system-wide privileges, but its use of git stash/pop can modify the user's working tree and should be run only with explicit user approval (the SKILL.md does require approval before applying changes).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install upgrade-openclaw - After installation, invoke the skill by name or use
/upgrade-openclaw - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
v2: Local CHANGELOG.md diffing instead of useless llms.txt. Config schema gap analysis. Relevance filtering by enabled channels/plugins. State persistence (state.json). Git stash handling. Categorized reports (Features/Fixes/Security/Breaking). Comprehensive report guarantee — nothing missed.
v1.0.2
Fix: declare required bins; fix clawdhub typo; add provider privacy warning; tighten approval
v1.0.1
Updated display name
v1.0.0
Initial commit
Metadata
Frequently Asked Questions
What is Upgrade Openclaw?
Upgrade OpenClaw and comprehensively discover new features, config options, hooks, and improvements. Use when: user says "upgrade openclaw", "update openclaw... It is an AI Agent Skill for Claude Code / OpenClaw, with 592 downloads so far.
How do I install Upgrade Openclaw?
Run "/install upgrade-openclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Upgrade Openclaw free?
Yes, Upgrade Openclaw is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Upgrade Openclaw support?
Upgrade Openclaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Upgrade Openclaw?
It is built and maintained by Decentraliser🌵 (@decentraliser); the current version is v2.0.0.
More Skills