Upgrade Guard

Trust Score 73/100

Safely perform OpenClaw upgrades with snapshots, pre-flight checks, controlled upgrade steps, verification, and emergency rollback to avoid breaking production

triggers:upgrade guardsnapshotsafe upgraderollbackpre-flight checkverify upgradewatchdog

GitHub SKILL.md

What it does

Upgrade Guard provides a safe, repeatable workflow for upgrading OpenClaw installations. It automates snapshots of current state, runs pre-flight checks, performs a controlled multi-step upgrade (with build and dependency steps), verifies the system post-upgrade, and offers an emergency rollback path if anything fails. It also includes an optional watchdog for ongoing system health and automatic recovery.

When to use it

Use Upgrade Guard whenever you need to update an OpenClaw deployment or its dependencies—especially on production gateways or remote servers where an upgrade failure would be disruptive. Run its snapshot and check steps before any git pull && pnpm install cycle, and use the upgrade/verify commands for safe rollout.

What's included

Scripts: snapshot, check, upgrade, verify, rollback and a watchdog (installable via systemd timer) for health monitoring
References: guidance in the SKILL.md for commands and recovery strategy
Instructions: concrete step-by-step commands and a 6-step safe upgrade process, with explicit rollback behavior on failure

Compatible agents

Best suited for agents that can run shell commands and manage system services (CLI-capable agents, Copilot/Codex-like tooling, and autonomous maintenance agents).

Audit Summary

Upgrade Guard provides safe OpenClaw upgrades with snapshot, pre-flight checks, controlled upgrade steps, post-verification, and emergency rollback. Both scripts ran cleanly and displayed well-structured help output. The upgrade-guard.sh has a comprehensive 6-step upgrade workflow with auto-rollback on failure, and watchdog.sh adds OS-level monitoring with systemd timer support, resource tracking, and Telegram alerts. Security concerns include auto git pull without confirmation (-18), shell injection risk from unquoted/interpolated Python paths in bash (-12), and the watchdog reading Telegram bot tokens from config to send external API calls (-15 for network calls/phone-home pattern).

Watch Out

Default OPENCLAW_DIR points to /opt/clawdbot (old name), may need override to /opt/openclaw or wherever OpenClaw is installed
watchdog.sh reads bot token from OpenClaw config to send Telegram alerts — ensure config permissions are restricted
Python code snippets embedded in bash use string interpolation with config file paths — avoid paths with quotes/special chars
Git pull runs without confirmation during upgrade step — use --dry-run first to preview

Notes

Well-structured DevOps skill born from real operational pain (7 cascading failures). Good error handling, idempotent design, clear separation between upgrade and watchdog concerns. Main security deductions: auto git pull (-18), shell injection risk from unquoted Python interpolation in bash (-12), phone-home via Telegram API using config bot token (-15). Code quality is high with proper set -euo pipefail, color-coded output, and comprehensive verification steps. Architecture follows skill spec reasonably well but SKILL.md is fairly long and could benefit from moving detailed tables to references/.

Information

Repository: upgrade-guard
Stars: 10
Installs: 0

Trust Score

Overall73

Security68

Code Quality82

Architecture72

Usefulness72

Related Skills

Development Worktree

Create an isolated git worktree for feature work, auto-run project setup, and verify a clean test baseline before development.

Readwise Reader Document Management

Manage Readwise Reader documents: list, save, search, move, tag, highlight, export and bulk-edit via official and custom CLIs.

Bounty Hunter — Atlas

Persona skill: 'Atlas' — a profit-focused developer persona for discovering, evaluating and executing paid bounties or freelance tasks with ROI-aware workflows.

Junshi — Research Advisor

Daily strategic research advisor that scans arXiv/venues, digests papers, and proposes bold, ranked research ideas tailored to the user's profile.

Full Stack Builder

End-to-end builder that scaffolds, implements, tests, and optionally deploys web and API applications from a natural-language specification.

ezBookkeeping API Tools

Command-line API tools for ezBookkeeping: record and query transactions, retrieve accounts/categories/tags, and fetch exchange rates for self-hosted personal fi

Feishu Voice Sender

Convert MP3s and send them as native Feishu voice messages (playable voice clips) to users or groups.

Claw Bench

Benchmarking skill that guides an agent through a structured suite of capability tests and reporting steps for leaderboard submission.

Back to Skills