Plugins: allow unsafe-force override on update

2026-05-04 15:50:20 +00:00 · 2026-04-03 00:20:16 -04:00
parent 824ff335c6
commit c4f40c3f7d
10 changed files with 193 additions and 12 deletions
--- a/docs/tools/plugin.md
+++ b/docs/tools/plugin.md
@@ -213,6 +213,7 @@ openclaw plugins install <path>          # install from local path
 openclaw plugins install -l <path>       # link (no copy) for dev
 openclaw plugins install <spec> --dangerously-force-unsafe-install
 openclaw plugins update <id>             # update one plugin
+openclaw plugins update <id> --dangerously-force-unsafe-install
 openclaw plugins update --all            # update all

 openclaw plugins enable <id>
@@ -220,14 +221,14 @@ openclaw plugins disable <id>
 ```

 `--dangerously-force-unsafe-install` is a break-glass override for false
-positives from the built-in dangerous-code scanner. It allows installs to
-continue past built-in `critical` findings, but it still does not bypass plugin
-`before_install` policy blocks or scan-failure blocking.
+positives from the built-in dangerous-code scanner. It allows plugin installs
+and plugin updates to continue past built-in `critical` findings, but it still
+does not bypass plugin `before_install` policy blocks or scan-failure blocking.

-This CLI flag applies to plugin installs only. Gateway-backed skill dependency
-installs use the matching `dangerouslyForceUnsafeInstall` request override
-instead, while `openclaw skills install` remains the separate ClawHub skill
-download/install flow.
+This CLI flag applies to plugin install/update flows only. Gateway-backed skill
+dependency installs use the matching `dangerouslyForceUnsafeInstall` request
+override instead, while `openclaw skills install` remains the separate ClawHub
+skill download/install flow.

 See [`openclaw plugins` CLI reference](/cli/plugins) for full details.