技能详情(站内镜像,无评论)
作者:Ali Aziz @aliahmadaziz
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 182 · 0 current installs · 0 all-time installs
⭐ 0
安装量(当前) 0
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:aliahmadaziz/openclaw-safe-upgrade
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill's purpose (safe upgrade/rollback) matches the included script, but there are several mismatches and risky behaviors (undeclared tool dependencies, execution of optional workspace hooks, assumptions about filesystem permissions and config contents) that you should understand before using it.
目的
The skill claims to perform a safe OpenClaw upgrade — and the bundled script does exactly that. However the skill metadata declares no required binaries or environment variables while the script relies on many external tools (npm, python3, systemd-run/systemctl, curl, tar, openclaw CLI, pkill, etc.). Those undeclared dependencies are a capability–purpose mismatch and should have been listed in requires.binaries. Also the script reads and write…
说明范围
SKILL.md and the script stay within the stated upgrade task, but the script also conditionally runs 'optional hooks' found in the workspace (golden-snapshot.sh, service-quick-check.py). Executing arbitrary files from a user's workspace during an upgrade can run arbitrary code and is a notable risk unless you explicitly control those files. The script also reads config files (openclaw.json, cron jobs, acpx config) which may contain secrets/toke…
安装机制
There is no install spec (instruction-only + bundled script), which is low risk in terms of supply-chain downloads. However the runtime does perform network operations (npm view / npm i -g) and extracts tarballs into system paths — these are network-backed actions executed at runtime rather than via a controlled installer. The lack of an install step is expected for an instruction-only skill, but you should be aware the script will contact npm…
证书
The skill declares no required env vars, but the script uses _UPGRADE_FORCE_ESCAPE / _UPGRADE_ESCAPED (control flags) and optionally OPENCLAW_WORKSPACE; it also reads $HOME/.openclaw/openclaw.json and other user files which may contain gateway auth tokens. Not declaring required binaries and not warning about possible sensitive config reads is a proportionality issue: upgrading reasonably needs access to install/config files, but the metadata …
持久
The skill does not request always:true and does not try to permanently enable itself; it creates files under the user's home (~/.openclaw/upgrade-backups, result/log files) and launches a transient systemd user scope to survive gateway restart. Those behaviors are coherent with an upgrade tool. One practical concern: the script writes/extracts into /usr/lib/node_modules/ (global install path) and expects to be able to start/stop systemd servic…
scan_findings_in_context
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「OpenClaw Safe Upgrade」。简介:Safe OpenClaw upgrade with instant rollback. Use when user says "upgrade opencl…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/aliahmadaziz/openclaw-safe-upgrade/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: upgrade
description: Safe OpenClaw upgrade with instant rollback. Use when user says "upgrade openclaw", "update openclaw", "check for updates", or any request to upgrade/update the OpenClaw installation. NOT for config changes (use gateway config.patch). NOT for skill updates (use clawhub).
---
# OpenClaw Safe Upgrade
Single atomic command. Auto-rollbacks on ANY failure. Survives the gateway restart it triggers.
## Script
```bash
# From an agent session — ALWAYS set escape flag (ensures script survives gateway restart)
_UPGRADE_FORCE_ESCAPE=1 bash skills/upgrade/scripts/safe-upgrade.sh
# Force upgrade even if already on latest
_UPGRADE_FORCE_ESCAPE=1 bash skills/upgrade/scripts/safe-upgrade.sh --force
# Safe read-only checks (no escape needed)
bash skills/upgrade/scripts/safe-upgrade.sh --check # Pre-flight only
bash skills/upgrade/scripts/safe-upgrade.sh --rollback # Manual rollback
```
## What Happens (one command, 10 steps)
1. **Cgroup escape**: re-execs via `systemd-run --user --scope` so gateway stop can't kill the script
2. Pre-flight: version check, disk space, breaking changes
3. Backup: installation tarball, config, cron jobs, acpx customizations
4. `npm i -g openclaw@latest`
5. Restore acpx config (ACP agent customizations survive upgrades)
6. Gateway restart (process-isolated: stop + start, survives script's own lifecycle)
7. Wait for gateway health (configurable timeout) → **auto-rollback if fails**
8. Wait for WhatsApp reconnect (non-fatal timeout)
9. Verify: correct version + cron count preserved → **auto-rollback if fails**
10. Record result → optional golden snapshot → cleanup backup
If ANY critical check fails, the script **automatically rolls back** — restores install, config, crons, and acpx. Trap handler catches unexpected exits during critical phases.
## Agent Workflow
1. Run `--check` first. Review output with the user.
2. Inform user: "Launching upgrade — I'll go offline during gateway restart."
3. Run the upgrade:
```bash
_UPGRADE_FORCE_ESCAPE=1 bash skills/upgrade/scripts/safe-upgrade.sh
```
**Do NOT pipe the output** (no `| tee`, no `2>&1 | cat`). The script writes to `/tmp/upgrade-live.log`.
4. **The current session will end** when the gateway restarts. This is expected.
5. After restart, the new session checks:
- `~/.openclaw/upgrade-result.json` for status
- `/tmp/upgrade-live.log` for live output
- `success`: report to user, update any version references
- `rolled_back`: tell user what went wrong (reason in result file)
- No result file + backup at `~/.openclaw/upgrade-backups/current/`: script was killed — run `--rollback`
6. Full forensic log at `~/.openclaw/upgrade-last.log`.
## What Gets Backed Up
- OpenClaw installation tarball
- Config (`openclaw.json`)
- Cron jobs (`jobs.json`)
- acpx user config (`~/.acpx/config.json`) if present
- Metadata (from/to version, timestamp, cron count)
Backup location: `~/.openclaw/upgrade-backups/current/`
## Result File
`~/.openclaw/upgrade-result.json`:
```json
{
"status": "success|rolled_back|rollback_failed|no_change|blocked",
"from_version": "2026.3.2",
"to_version": "2026.3.7",
"message": "...",
"timestamp": "...",
"log": "~/.openclaw/upgrade-last.log"
}
```
## Why Cgroup Escape?
OpenClaw runs as a systemd service. When an agent runs this script, the script is a child process inside the service's cgroup. `systemctl stop` sends SIGKILL to ALL processes in the cgroup — including the upgrade script. SIGKILL cannot be caught (no trap handler fires).
The script detects this and re-execs itself via `systemd-run --user --scope` into its own transient systemd scope. The parent process exits immediately — no pipes, no tee, no connections back to the gateway cgroup. This is why piping output is forbidden.
## Important Notes
- **Never run `gateway update.run` directly** — always use this script
- **Always set `_UPGRADE_FORCE_ESCAPE=1`** when running from an agent session
- acpx customizations are auto-preserved across upgrades
- Rollback restores the EXACT previous state: install + config + crons + acpx
- `--check` is safe to run anytime, changes nothing
- The script auto-detects gateway port from config (no hardcoded defaults)
- Optional hooks: if `golden-snapshot.sh` or `service-quick-check.py` exist in your workspace, they're used; otherwise silently skipped