Smart Updater

Intelligent upgrade management for OpenClaw skills, extensions, and core. HITL (Human-in-the-Loop) mode: scan installed assets, read changelogs, analyze risk...

This skill implements an appropriate updater workflow (inventory → scan → changelog → HITL decision → gated upgrades) and includes helpful safety gates, but there are practical risks you should consider before installing or running it: - Required tooling mismatch: The registry metadata declares no required binaries, yet the scripts call curl, unzip, npm, git, clawhub, and openclaw. Ensure those tools exist and you accept granting the skill the ability to run them. - Untrusted mirror: The upgrade path tries a SkillHub mirror (a Tencent COS URL) and will download zips and extract them over installed code. If you do not trust that mirror or its operator, upgrades could replace local code with malicious content. Prefer code from authoritative sources (npm/GitHub/ClawHub) or require signed artifacts. - No integrity checks: Downloads are not checksummed or signature-verified. Consider adding verification (SHA256 checksums or signatures) or restrict the skill to use only sources you control. - Filesystem modifications: The scripts will copy, remove, and overwrite files under ~/.openclaw, perform backups, clear caches (rm -rf /tmp/jiti/), and run npm install -g / clawhub / gateway operations. Test on a non-production machine or review the scripts line-by-line to confirm behavior before running. - Autonomous invocation risk: If you enable scheduling/autoUpgrade features, be cautious — automatic runs plus an unverified mirror increases risk. Keep autoUpgrade off or restrict to 'patch' and/or to assets you explicitly trust. Actionable next steps: 1) Inspect the three scripts locally (inventory.sh, scan.sh, upgrade.sh) and confirm you accept each external endpoint and command. 2) If you intend to use it, pin the mirror domain or disable SkillHub mirror downloads; add checksum/signature verification in upgrade.sh. 3) Run initial scans in dry-run mode and review generated inventory.json and scan-result.json before approving any upgrades. 4) Prefer performing upgrades manually for high‑risk/core assets (openclaw core, extensions) until you are confident in the upgrade path and mirror trust.

Type: OpenClaw Skill Name: smart-updater Version: 1.1.0 The 'smart-updater' skill provides a comprehensive framework for managing OpenClaw updates with a 'Three Gates' safety model (backup, isolation, and verification). However, it is classified as suspicious because it introduces a third-party supply chain risk by prioritizing a non-official mirror (SkillHub via a Tencent Cloud COS bucket: skillhub-1388575217.cos.ap-guangzhou.myqcloud.com) for downloading and extracting skill ZIP files in 'scripts/upgrade.sh'. While the intent appears to be performance optimization for specific regions, the execution of high-privilege operations—including global NPM installs, git pulls, and unauthenticated remote ZIP extraction—poses a significant security risk without explicit verification of the remote mirror's integrity.