← Back to Skills Marketplace
371
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-safe-upgrade
Description
Safe OpenClaw upgrade with instant rollback. Use when user says "upgrade openclaw", "update openclaw", "check for updates", or any request to upgrade/update...
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-safe-upgrade
Version: 1.0.0
The skill implements an upgrade utility that uses 'systemd-run' to escape the gateway's cgroup and service lifecycle, ensuring the script survives the service restart it triggers. While functionally justified for a self-upgrade, this technique is a high-risk process isolation bypass. Additionally, the script performs global package installations ('npm i -g'), executes arbitrary scripts found in the workspace ('service-quick-check.py'), and automatically performs 'git push' operations on the workspace. These behaviors, while aligned with the stated purpose in 'SKILL.md' and 'scripts/safe-upgrade.sh', represent a significant and broad attack surface.
Capability Assessment
Purpose & Capability
The skill claims to perform a safe OpenClaw upgrade — and the bundled script does exactly that. However the skill metadata declares no required binaries or environment variables while the script relies on many external tools (npm, python3, systemd-run/systemctl, curl, tar, openclaw CLI, pkill, etc.). Those undeclared dependencies are a capability–purpose mismatch and should have been listed in requires.binaries. Also the script reads and writes many OpenClaw files (configs, crons, installation directories) which is consistent with an upgrade but increases the blast radius if misused.
Instruction Scope
SKILL.md and the script stay within the stated upgrade task, but the script also conditionally runs 'optional hooks' found in the workspace (golden-snapshot.sh, service-quick-check.py). Executing arbitrary files from a user's workspace during an upgrade can run arbitrary code and is a notable risk unless you explicitly control those files. The script also reads config files (openclaw.json, cron jobs, acpx config) which may contain secrets/tokens; while it doesn't appear to send them externally, reading them is necessary for the task but should be noted.
Install Mechanism
There is no install spec (instruction-only + bundled script), which is low risk in terms of supply-chain downloads. However the runtime does perform network operations (npm view / npm i -g) and extracts tarballs into system paths — these are network-backed actions executed at runtime rather than via a controlled installer. The lack of an install step is expected for an instruction-only skill, but you should be aware the script will contact npm and perform global installs.
Credentials
The skill declares no required env vars, but the script uses _UPGRADE_FORCE_ESCAPE / _UPGRADE_ESCAPED (control flags) and optionally OPENCLAW_WORKSPACE; it also reads $HOME/.openclaw/openclaw.json and other user files which may contain gateway auth tokens. Not declaring required binaries and not warning about possible sensitive config reads is a proportionality issue: upgrading reasonably needs access to install/config files, but the metadata should state this and request explicit user consent.
Persistence & Privilege
The skill does not request always:true and does not try to permanently enable itself; it creates files under the user's home (~/.openclaw/upgrade-backups, result/log files) and launches a transient systemd user scope to survive gateway restart. Those behaviors are coherent with an upgrade tool. One practical concern: the script writes/extracts into /usr/lib/node_modules/ (global install path) and expects to be able to start/stop systemd services — this implies it assumes the running user has permission to manage the OpenClaw installation and systemd units. That privilege assumption is not declared and may fail or require elevation.
scan_findings_in_context
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-safe-upgrade - After installation, invoke the skill by name or use
/openclaw-safe-upgrade - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — atomic OpenClaw upgrade with auto-rollback, cgroup escape for systemd survival, acpx preservation, breaking change detection
Metadata
Frequently Asked Questions
What is OpenClaw Safe Upgrade?
Safe OpenClaw upgrade with instant rollback. Use when user says "upgrade openclaw", "update openclaw", "check for updates", or any request to upgrade/update... It is an AI Agent Skill for Claude Code / OpenClaw, with 371 downloads so far.
How do I install OpenClaw Safe Upgrade?
Run "/install openclaw-safe-upgrade" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenClaw Safe Upgrade free?
Yes, OpenClaw Safe Upgrade is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OpenClaw Safe Upgrade support?
OpenClaw Safe Upgrade is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenClaw Safe Upgrade?
It is built and maintained by Ali Aziz (@aliahmadaziz); the current version is v1.0.0.
More Skills