Total downloads: 250
Favorites: 0
Current installs: 1
Versions: 2
Install in OpenClaw
/install openclaw-upgrader
Description
Upgrade OpenClaw to a specific version or latest using a cross-platform, Codex-supervised flow. Use when the user asks to upgrade or update OpenClaw. OpenCla...
Security usage recommendations
This skill is coherent with its upgrade purpose, but review before installing:
- Inspect the scripts (already included) yourself. collect-upgrade-context.sh captures `ps aux` lines and `openclaw status` output and writes them to JSON under ~/.openclaw — these may include sensitive command-line arguments or other secrets. If you use secrets on command lines or place tokens in process args, this collector can leak them into the context file.
- Ensure ~/.openclaw and the lock files are created with appropriate filesystem permissions and that you trust local users who can read them.
- The skill probes and runs local agent CLIs (codex/claude). Those probes execute code locally; only allow this skill if you trust those agents and their authentication state.
- The upgrader hands off the entire upgrade flow to a delegated coding agent which runs with the invoking user's privileges — that agent can execute arbitrary commands as part of the upgrade. Only permit delegation to trusted, well-audited agent binaries or supply a controlled OPENCLAW_UPGRADER_DELEGATE_CMD.
- If you want to reduce information exposure, sanitize or restrict what the collector records (avoid passing tokens on CLI args, or modify the script to redact sensitive fields before writing JSON).
For a more cautious rollout: 1) run the scripts manually in a test environment to observe outputs, 2) confirm no secrets are present in process args or status output, and 3) set a controlled delegate command rather than allowing an interactive agent spawn.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-upgrader
Version: 0.1.1
The skill implements a complex upgrade workflow for OpenClaw by delegating execution to local coding agents (Codex or Claude Code). It utilizes scripts such as `collect-upgrade-context.sh` and `run-upgrade-delegation.sh` to gather system metadata, configuration paths, and service manager status (systemd/launchctl), while enforcing a host-level execution lock. While the logic is aligned with the stated purpose of a cross-platform upgrader and includes safety features like JSON escaping and concurrency locks, the skill's high-risk capabilities—including service manipulation, package manager interaction, and the execution of external AI CLI tools—meet the threshold for a suspicious classification.
Capability assessment
Purpose & Capability
The declared purpose (same-host OpenClaw upgrade via a delegated local coding agent) matches the included scripts and SKILL.md: they collect local context, claim a host-level lock, probe for Codex/Claude, and hand off the upgrade. No unrelated cloud credentials or remote orchestration tools are requested. The only minor mismatch is that the skill reads several OPENCLAW_* environment variables (OPENCLAW_CONFIG_PATH, OPENCLAW_STATE_DIR, OPENCLAW_PROFILE, etc.) even though requires.env lists none — these env vars are relevant to the upgrade purpose, but their presence should be noted.
Instruction Scope
The scripts collect machine-readable context and write it to files under the user's home directory (~/.openclaw). They run commands like `ps aux`, `systemctl`/`launchctl`, and `openclaw status` and then include matched lines (service identity, process lines, status output) in JSON. Captured process lines or status output can include command-line arguments or other sensitive information (e.g., tokens passed on the command line). The collector also runs `codex exec` and `claude` probes (invoking local agent CLIs), which executes local tooling as part of a liveness preflight. The overall delegation model requires spawning a local coding agent that can execute arbitrary actions — intended for the task, but high-scope: the delegated agent will carry out the upgrade and can run commands with the agent's privileges.
Install Mechanism
Instruction-only skill with included helper scripts; there is no network download, package install, or third-party install step. The risk surface from installation is low because nothing is fetched or installed automatically.
Credentials
No required credentials are declared, which is appropriate. The scripts do read several environment variables (OPENCLAW_CONFIG_PATH, OPENCLAW_STATE_DIR, OPENCLAW_PROFILE, OPENCLAW_UPGRADER_LOCK_DIR, OPENCLAW_UPGRADER_RUN_ID, OPENCLAW_UPGRADER_DELEGATE_CMD) and will honor overrides via these vars. These variables are relevant to the upgrade operation, but the SKILL.md/metadata do not declare them explicitly — users should be aware the skill will consult and use them if present. The scripts also invoke local agent CLIs which implicitly depend on those CLIs' auth state; that is expected but worth noting.
Persistence & Privilege
The skill does not set `always: true` and does not persist as a global plugin. It writes and holds a host-level lock directory (default ~/.openclaw/openclaw-upgrader.lock) and context/result JSON files under ~/.openclaw. The lock-handling behavior is deliberate: the collector claims the lock and the outer runner may intentionally remove the EXIT trap to leave the lock held while delegation is performed by the caller. This design can leave a lock behind if a caller fails to release it — the user should ensure the external caller releases locks on terminal states and that the lock directory is protected from unauthorized access.
How to use
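- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install openclaw-upgrader
- Once installation completes, call the Skill by name or trigger it with /openclaw-upgrader
- Provide the required inputs according to the Skill's parameter description to get structured output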
Version history
v0.1.1
Audit fixes: remove eval(), harden tmp file paths with mktemp, fix run_id extraction fragility, remove SKILL.md tail duplication, strengthen preflight-probe disclaimer
v0.1.0
Initial release: cross-platform OpenClaw upgrade via ACP/CLI delegation with reentry protection, full-lifecycle locking, and schema-aligned terminal results
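FAQ
What is OpenClaw Upgrader?
Upgrade OpenClaw to a specific version or latest using a cross-platform, Codex-supervised flow. Use when the user asks to upgrade or update OpenClaw. OpenCla... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 250 downloads to date.
How do I install OpenClaw Upgrader?
Run the command "/install openclaw-upgrader" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is OpenClaw Upgrader free?
Yes, OpenClaw Upgrader is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does OpenClaw Upgrader support?
OpenClaw Upgrader runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).
Who develops OpenClaw Upgrader?
It is developed and maintained by Leon Ge (@gejiliang); the current version is v0.1.1.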