Skip to main content

gstack-upgrade

Upgrade gstack to the latest version. Detects global vs vendored install, runs the upgrade, and shows what's new.

72/100

Security score

The gstack-upgrade skill was audited on Mar 16, 2026 and we found 20 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

low line 30

Command substitution pattern

SourceSKILL.md
28_AUTO=""
29[ "${GSTACK_AUTO_UPGRADE:-}" = "1" ] && _AUTO="true"
30[ -z "$_AUTO" ] && _AUTO=$(~/.claude/skills/gstack/bin/gstack-config get auto_upgrade 2>/dev/null || true)
31echo "AUTO_UPGRADE=$_AUTO"
32```
low line 54

Command substitution pattern

SourceSKILL.md
52_CUR_LEVEL=0
53if [ -f "$_SNOOZE_FILE" ]; then
54 _SNOOZED_VER=$(awk '{print $1}' "$_SNOOZE_FILE")
55 if [ "$_SNOOZED_VER" = "$_REMOTE_VER" ]; then
56 _CUR_LEVEL=$(awk '{print $2}' "$_SNOOZE_FILE")
low line 56

Command substitution pattern

SourceSKILL.md
54 _SNOOZED_VER=$(awk '{print $1}' "$_SNOOZE_FILE")
55 if [ "$_SNOOZED_VER" = "$_REMOTE_VER" ]; then
56 _CUR_LEVEL=$(awk '{print $2}' "$_SNOOZE_FILE")
57 case "$_CUR_LEVEL" in *[!0-9]*) _CUR_LEVEL=0 ;; esac
58 fi
low line 60

Command substitution pattern

SourceSKILL.md
58 fi
59fi
60_NEW_LEVEL=$((_CUR_LEVEL + 1))
61[ "$_NEW_LEVEL" -gt 3 ] && _NEW_LEVEL=3
62echo "$_REMOTE_VER $_NEW_LEVEL $(date +%s)" > "$_SNOOZE_FILE"
low line 100

Command substitution pattern

SourceSKILL.md
98
99```bash
100OLD_VERSION=$(cat "$INSTALL_DIR/VERSION" 2>/dev/null || echo "unknown")
101```
102
low line 108

Command substitution pattern

SourceSKILL.md
106```bash
107cd "$INSTALL_DIR"
108STASH_OUTPUT=$(git stash 2>&1)
109git fetch origin
110git reset --hard origin/main
low line 117

Command substitution pattern

SourceSKILL.md
115**For vendored installs** (vendored, vendored-global):
116```bash
117PARENT=$(dirname "$INSTALL_DIR")
118TMP_DIR=$(mktemp -d)
119git clone --depth 1 https://github.com/garrytan/gstack.git "$TMP_DIR/gstack"
low line 131

Command substitution pattern

SourceSKILL.md
129
130```bash
131_ROOT=$(git rev-parse --show-toplevel 2>/dev/null)
132LOCAL_GSTACK=""
133if [ -n "$_ROOT" ] && [ -d "$_ROOT/.claude/skills/gstack" ]; then
low line 134

Command substitution pattern

SourceSKILL.md
132LOCAL_GSTACK=""
133if [ -n "$_ROOT" ] && [ -d "$_ROOT/.claude/skills/gstack" ]; then
134 _RESOLVED_LOCAL=$(cd "$_ROOT/.claude/skills/gstack" && pwd -P)
135 _RESOLVED_PRIMARY=$(cd "$INSTALL_DIR" && pwd -P)
136 if [ "$_RESOLVED_LOCAL" != "$_RESOLVED_PRIMARY" ]; then
low line 135

Command substitution pattern

SourceSKILL.md
133if [ -n "$_ROOT" ] && [ -d "$_ROOT/.claude/skills/gstack" ]; then
134 _RESOLVED_LOCAL=$(cd "$_ROOT/.claude/skills/gstack" && pwd -P)
135 _RESOLVED_PRIMARY=$(cd "$INSTALL_DIR" && pwd -P)
136 if [ "$_RESOLVED_LOCAL" != "$_RESOLVED_PRIMARY" ]; then
137 LOCAL_GSTACK="$_ROOT/.claude/skills/gstack"
low line 30

Access to home directory dotfiles

SourceSKILL.md
28_AUTO=""
29[ "${GSTACK_AUTO_UPGRADE:-}" = "1" ] && _AUTO="true"
30[ -z "$_AUTO" ] && _AUTO=$(~/.claude/skills/gstack/bin/gstack-config get auto_upgrade 2>/dev/null || true)
31echo "AUTO_UPGRADE=$_AUTO"
32```
low line 44

Access to home directory dotfiles

SourceSKILL.md
42**If "Always keep me up to date":**
43```bash
44~/.claude/skills/gstack/bin/gstack-config set auto_upgrade true
45```
46Tell user: "Auto-upgrade enabled. Future updates will install automatically." Then proceed to Step 2.
low line 50

Access to home directory dotfiles

SourceSKILL.md
48**If "Not now":** Write snooze state with escalating backoff (first snooze = 24h, second = 48h, third+ = 1 week), then continue with the current skill. Do not mention the upgrade again.
49```bash
50_SNOOZE_FILE=~/.gstack/update-snoozed
51_REMOTE_VER="{new}"
52_CUR_LEVEL=0
medium line 66

Access to home directory dotfiles

SourceSKILL.md
64Note: `{new}` is the remote version from the `UPGRADE_AVAILABLE` output — substitute it from the update check result.
65
66Tell user the snooze duration: "Next reminder in 24h" (or 48h or 1 week, depending on level). Tip: "Set `auto_upgrade: true` in `~/.gstack/config.yaml` for automatic upgrades."
67
68**If "Never ask again":**
low line 70

Access to home directory dotfiles

SourceSKILL.md
68**If "Never ask again":**
69```bash
70~/.claude/skills/gstack/bin/gstack-config set update_check false
71```
72Tell user: "Update checks disabled. Run `~/.claude/skills/gstack/bin/gstack-config set update_check true` to re-enable."
medium line 72

Access to home directory dotfiles

SourceSKILL.md
70~/.claude/skills/gstack/bin/gstack-config set update_check false
71```
72Tell user: "Update checks disabled. Run `~/.claude/skills/gstack/bin/gstack-config set update_check true` to re-enable."
73Continue with the current skill.
74
low line 156

Access to home directory dotfiles

SourceSKILL.md
154
155```bash
156mkdir -p ~/.gstack
157echo "$OLD_VERSION" > ~/.gstack/just-upgraded-from
158rm -f ~/.gstack/last-update-check
low line 157

Access to home directory dotfiles

SourceSKILL.md
155```bash
156mkdir -p ~/.gstack
157echo "$OLD_VERSION" > ~/.gstack/just-upgraded-from
158rm -f ~/.gstack/last-update-check
159rm -f ~/.gstack/update-snoozed
low line 158

Access to home directory dotfiles

SourceSKILL.md
156mkdir -p ~/.gstack
157echo "$OLD_VERSION" > ~/.gstack/just-upgraded-from
158rm -f ~/.gstack/last-update-check
159rm -f ~/.gstack/update-snoozed
160```
low line 159

Access to home directory dotfiles

SourceSKILL.md
157echo "$OLD_VERSION" > ~/.gstack/just-upgraded-from
158rm -f ~/.gstack/last-update-check
159rm -f ~/.gstack/update-snoozed
160```
161
Scanned on Mar 16, 2026
View Security Dashboard