sandbox@my-assistant:~$ openclaw update ## npm install -g openclaw@latest #1117
Description
Description
- openclaw update Not proceeding
- openclaw update Failing
Reproduction Steps
sandbox@my-assistant:$ npm install -g openclaw@latest$ openclaw status
(node:6432) [UNDICI-EHPA] Warning: EnvHttpProxyAgent is experimental, expect them to change at any time.
(Use node --trace-warnings ... to show where the warning was created)
/^C
sandbox@my-assistant:
(node:6622) [UNDICI-EHPA] Warning: EnvHttpProxyAgent is experimental, expect them to change at any time.
(Use node --trace-warnings ... to show where the warning was created)
(node:6630) [UNDICI-EHPA] Warning: EnvHttpProxyAgent is experimental, expect them to change at any time.
(Use node --trace-warnings ... to show where the warning was created)
🦞 OpenClaw 2026.3.11 (29dc654) — Running on your hardware, reading your logs, judging nothing (mostly).
│
◇
│
◇
OpenClaw status
Overview
┌─────────────────┬─────────────────────────────────────────────────────────────────────────────────────────┐
│ Item │ Value │
├─────────────────┼─────────────────────────────────────────────────────────────────────────────────────────┤
│ Dashboard │ http://127.0.0.1:18789/ │
│ OS │ linux 6.12.69-linuxkit (arm64) · node 22.22.1 │
│ Tailscale │ off │
│ Channel │ stable (default) │
│ Update │ available · pnpm · npm update 2026.3.28 │
│ Gateway │ local · ws://127.0.0.1:18789 (local loopback) · reachable 31ms · auth token · my- │
│ │ assistant (10.200.0.2) app 2026.3.11 linux 6.12.69-linuxkit │
│ Gateway service │ systemd not installed │
│ Node service │ systemd not installed │
│ Agents │ 1 · 1 bootstrap file present · sessions 1 · default main active 1m ago │
│ Memory │ enabled (plugin memory-core) · unavailable │
│ Probes │ skipped (use --deep) │
│ Events │ none │
│ Heartbeat │ 30m (main) │
│ Sessions │ 1 active · default gpt-5.4 (131k ctx) · ~/.openclaw/agents/main/sessions/sessions.json │
└─────────────────┴─────────────────────────────────────────────────────────────────────────────────────────┘
Security audit
Summary: 2 critical · 3 warn · 1 info
CRITICAL DANGEROUS: Control UI device auth disabled
gateway.controlUi.dangerouslyDisableDeviceAuth=true disables device identity checks for the Control UI.
Fix: Disable it unless you are in a short-lived break-glass scenario.
CRITICAL Config file is world-readable
/sandbox/.openclaw/openclaw.json mode=444; config can contain tokens and private settings.
Fix: chmod 600 /sandbox/.openclaw/openclaw.json
WARN Control UI insecure auth toggle enabled
gateway.controlUi.allowInsecureAuth=true does not bypass secure context or device identity checks; only dangerouslyDisableDeviceAuth disables Control UI device…
Fix: Disable it or switch to HTTPS (Tailscale Serve) or localhost.
WARN Insecure or dangerous config flags enabled
Detected 2 enabled flag(s): gateway.controlUi.allowInsecureAuth=true, gateway.controlUi.dangerouslyDisableDeviceAuth=true.
Fix: Disable these flags when not actively debugging, or keep deployment scoped to trusted/local-only networks.
WARN State dir is readable by others
/sandbox/.openclaw mode=755; consider restricting to 700.
Fix: chmod 700 /sandbox/.openclaw
Full report: openclaw security audit
Deep probe: openclaw security audit --deep
Channels
┌──────────┬─────────┬────────┬─────────────────────────────────────────────────────────────────────────────┐
│ Channel │ Enabled │ State │ Detail │
├──────────┼─────────┼────────┼─────────────────────────────────────────────────────────────────────────────┤
└──────────┴─────────┴────────┴─────────────────────────────────────────────────────────────────────────────┘
Sessions
┌────────────────────────────────────────┬────────┬─────────┬──────────────┬────────────────────────────────┐
│ Key │ Kind │ Age │ Model │ Tokens │
├────────────────────────────────────────┼────────┼─────────┼──────────────┼────────────────────────────────┤
│ agent:main:main │ direct │ 1m ago │ gpt-5.4 │ 34k/131k (26%) · 🗄️ 99% cached │
└────────────────────────────────────────┴────────┴─────────┴──────────────┴────────────────────────────────┘
FAQ: https://docs.openclaw.ai/faq
Troubleshooting: https://docs.openclaw.ai/troubleshooting
Update available (npm 2026.3.28). Run: openclaw update
Next steps:
Need to share? openclaw status --all
Need to debug live? openclaw logs --follow
Need to test channels? openclaw status --deep
sandbox@my-assistant:~$ openclaw update
(node:6670) [UNDICI-EHPA] Warning: EnvHttpProxyAgent is experimental, expect them to change at any time.
(Use node --trace-warnings ... to show where the warning was created)
(node:6678) [UNDICI-EHPA] Warning: EnvHttpProxyAgent is experimental, expect them to change at any time.
(Use node --trace-warnings ... to show where the warning was created)
Updating OpenClaw...
│
◇ Canceled
Environment
Mac Os - 26.3.1 (a) (25D771280a)
sandbox@my-assistant:$ npm -v$ node -v
(node:7069) [UNDICI-EHPA] Warning: EnvHttpProxyAgent is experimental, expect them to change at any time.
(Use node --trace-warnings ... to show where the warning was created)
10.9.4
sandbox@my-assistant:
v22.22.1
Debug Output
Logs
Checklist
- I confirmed this bug is reproducible
- I searched existing issues and this is not a duplicate