NC-VERS-001
OpenClaw is behind latest release
What this checks
Checks whether the installed OpenClaw version is behind the latest available release.
Why it matters
Running older versions may miss important security patches and bug fixes.
How to fix it
Step 1 Check what version is available:
openclaw update statusStep 2 Update using the built-in updater:
openclaw updateOr update using your package manager:
# Homebrew
brew upgrade openclaw
# npm
npm install -g openclaw@latest
# pnpm
pnpm add -g openclaw@latestStep 3 Restart the gateway after upgrading:
openclaw gateway restartStep 4 Verify: Run openclaw --version to confirm the new version is active, then re-run the audit to confirm this finding is gone.
Technical details
| Field | Value |
|---|---|
| Control ID | NC-VERS-001 |
| Domain | VERS |
| Severity | Medium |
| Status | Stable |
| Data source | update_status_json |
| Source type | contextual |
| Mode | Mode 1 (OpenClaw native) |
| Introduced in | Library v0.1.0 |
| OWASP LLM 2025 | LLM03: Supply Chain |
False positive notes
None this is a factual check against the registry.
Suppress this finding
If this finding is intentional or not applicable to your setup, you can exclude it:
clawvitals exclude NC-VERS-001 reason "your reason here"Exclusions are auditable and expire automatically. See the exclusions guide.