← 返回 Skills 市场
394
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install openclaw-safe-update
功能描述
Safely verify and apply OpenClaw upgrades with isolated sidecar checks. Use when asked to update OpenClaw, verify a target version before upgrading, avoid gl...
安全使用建议
This skill appears to do what it says: it downloads a candidate OpenClaw version into ~/.openclaw/versions, runs that candidate in an isolated sidecar on localhost to verify startup, and only performs a global npm -g install when explicitly asked. Before installing: 1) Understand that the script will download and execute code from the public npm registry (this is necessary for verifying the real package but is an execution risk). 2) Review the log at ~/.openclaw/logs/openclaw-sidecar-verify.log if verification fails. 3) Be aware that applying the upgrade runs npm install -g and may require sudo — only allow apply with explicit, informed consent. 4) If you need stronger isolation, run the script inside a disposable VM/container or audit the specific package version you plan to install. If you want higher assurance, request cryptographic signatures or a vetted release channel instead of arbitrary npm versions.
功能分析
Type: OpenClaw Skill
Name: openclaw-safe-update
Version: 1.0.1
The skill provides a legitimate and safety-conscious workflow for updating the OpenClaw software. The core script, `scripts/openclaw-safe-update.sh`, implements an isolation-first approach by installing candidate versions into a local directory (`~/.openclaw/versions`) and verifying them via a sidecar process before performing a global upgrade. It includes proper cleanup logic, port collision detection, and explicitly requires user confirmation via the `--apply` flag as instructed in `SKILL.md`, showing no signs of malicious intent or unauthorized data access.
能力评估
Purpose & Capability
Name/description (safe, isolated verify-first upgrades) aligns with required binaries (openclaw, node, npm, curl, bash), the included script, and the platform reference docs. All requested tools are expected for performing an npm-based sidecar verification and global npm install when applying.
Instruction Scope
SKILL.md instructs the agent to run the bundled script and to default to verify-only, inspect logs on failure, and only apply on explicit confirmation. The script only touches ~/.openclaw (versions and logs), uses npm/node to fetch and run the candidate package locally, probes a loopback port, and does not read unrelated system files or exfiltrate data. Behavior stays within the described upgrade/verification scope.
Install Mechanism
No external install spec (instruction-only with included script). The script uses npm to download package versions from the public npm registry and then executes the candidate's entrypoint with node. This is coherent for verifying a package but means the skill will download and execute third-party code from npm into the user's home directory — expected for the task but intrinsically higher-risk than pure configuration actions.
Credentials
The skill declares no required credentials and only uses common env overrides (OPENCLAW_VERSIONS_DIR, LOG_DIR, SIDECAR_*). There are no requests for unrelated secrets or system credentials. The need for sudo on global npm installs is noted in docs and is a standard platform permission issue, not a hidden credential request.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. It will create files under ~/.openclaw (candidate installs and logs) and may perform global npm install when run with --apply (which can require elevated permissions). The script itself defaults to verify-only and only applies when given --apply; however the agent could invoke the script with --apply if misused — the SKILL.md relies on the agent to ask for explicit user confirmation before applying.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-safe-update - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-safe-update触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Docs update: add cron templates and clarify scheduled usage, behavior, and safety notes.
v1.0.0
Initial stable release: verify-first isolated updater with auto port selection, safe apply flow, candidate pruning, and clear failure diagnostics.
元数据
常见问题
OpenClaw Safe Update 是什么?
Safely verify and apply OpenClaw upgrades with isolated sidecar checks. Use when asked to update OpenClaw, verify a target version before upgrading, avoid gl... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 394 次。
如何安装 OpenClaw Safe Update?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-safe-update」即可一键安装,无需额外配置。
OpenClaw Safe Update 是免费的吗?
是的,OpenClaw Safe Update 完全免费(开源免费),可自由下载、安装和使用。
OpenClaw Safe Update 支持哪些平台?
OpenClaw Safe Update 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenClaw Safe Update?
由 ianchenx(@ianchenx)开发并维护,当前版本 v1.0.1。
推荐 Skills