← 返回 Skills 市场
2629
总下载
2
收藏
4
当前安装
2
版本数
在 OpenClaw 中安装
/install update-plus
功能描述
Full backup, update, and restore for OpenClaw - config, workspace, and skills with auto-rollback
安全使用建议
This package appears to do what it says, but it will read and archive user config and workspace files and can upload backups to configured cloud remotes and install a cron job. Before installing or running: 1) Inspect and edit ~/.openclaw/update-plus.json to restrict backup_paths to only the directories you want backed up; 2) keep remote storage disabled until you have configured and verified your rclone remote and understand where backups will be sent; 3) enable GPG encryption if backups include sensitive files and configure GPG_RECIPIENT; 4) run update-plus with --dry-run first to preview actions; 5) be aware it performs git pull on your skills directories (so remote repo changes can be applied automatically) and can create a cron entry — only enable automated updates if you trust your skills' remote origins. If you need higher assurance, review the GitHub repo history/owner (hopyky) before cloning and consider running the scripts in a controlled environment first.
功能分析
Type: OpenClaw Skill
Name: update-plus
Version: 4.0.3
The skill 'update-plus' provides comprehensive backup, update, and restore functionalities, utilizing powerful system commands like `rsync`, `tar`, `gpg`, `rclone`, `git`, package managers (`npm`, `pnpm`, `yarn`, `bun`), and `crontab`. While these capabilities are plausibly needed for its stated purpose (e.g., file system access for backups, network access for updates/cloud sync, cron for scheduled tasks), they represent high-risk operations. Specifically, the installation of a cron job (`bin/lib/cron.sh`) creates a persistence mechanism, and the use of `eval` with `rsync_args` (`bin/lib/backup.sh`) introduces a minor risk, even if driven by user configuration. There is no clear evidence of intentional malicious behavior or prompt injection against the agent, but the broad permissions and high-risk capabilities without explicit malicious intent warrant a 'suspicious' classification.
能力评估
Purpose & Capability
The name/description (backup, update, restore OpenClaw) matches the requested binaries (git, jq, rsync) and the code. Optional behaviors (rclone, gpg, npm/pnpm detection, openclaw CLI integration) are expected for cloud sync, encryption, and updating OpenClaw. There are some leftover legacy/default path fallbacks (clawdbot/clawd) but they do not contradict the stated purpose.
Instruction Scope
SKILL.md and the scripts explicitly operate on user config and workspace directories (~/.openclaw, workspace, skills), create compressed archives, optionally encrypt and upload them, run git fetch/pull to update skills, and can install a cron job. All of this is within the advertised scope, but these actions will read and archive potentially sensitive files (configs/credentials) and will pull and apply code changes from remote git repositories — the user should confirm backup_paths and remote upload settings before running.
Install Mechanism
There is no exotic install mechanism: the SKILL.md instructs cloning from a GitHub repository (https://github.com/hopyky/update-plus.git) and creating a symlink under ~/bin. No downloads from shorteners/personal IPs or automated extract-from-untrusted-URLs are present in the packaged files. The skill itself is distributed as shell scripts which will run when invoked.
Credentials
The skill declares no required environment variables and the scripts get configuration from ~/.openclaw/update-plus.json. Optional settings (GPG recipient, rclone remote, notification target) are sensible for encryption, remote upload, and notifications. It does not request unrelated credentials in the registry metadata; however, the tool will back up any paths you configure — including files containing secrets — so remote-upload credentials (rclone) and GPG recipients must be configured securely if you enable those features.
Persistence & Privilege
always:false (no forced global inclusion). The skill can install a cron job and create a ~/bin symlink (both are user-level persistent changes) and can perform repeated autonomous updates when scheduled. Installing cron jobs and symlinks is consistent with an updater tool, but these are persistent actions the user must approve.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install update-plus - 安装完成后,直接呼叫该 Skill 的名称或使用
/update-plus触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v4.0.3
v4.0.3: Check updates before backup, use curl for connection check
v3.0.0
Renamed to update-plus, moltbot support, connection retry for cron jobs
元数据
常见问题
Update Plus 是什么?
Full backup, update, and restore for OpenClaw - config, workspace, and skills with auto-rollback. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2629 次。
如何安装 Update Plus?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install update-plus」即可一键安装,无需额外配置。
Update Plus 是免费的吗?
是的,Update Plus 完全免费(开源免费),可自由下载、安装和使用。
Update Plus 支持哪些平台?
Update Plus 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Update Plus?
由 hopyky(@hopyky)开发并维护,当前版本 v4.0.3。
推荐 Skills