Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

克隆龙虾 (Clone Lobster)

v1.0.0

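An automatic backup and restore tool for OpenClaw/CatPaw configuration and context. While OpenClaw is in use, it automatically saves configuration changes, workspace files, conversation context, installed Skills and system changes to a Git repository. Trigger scenarios: (1) the user asks to back up/save the current configuration (2) the user asks to restore an earlier configuration (3) the conversation has produced important configuration changes, skill...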

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, SKILL.md, and the scripts all align: the tool collects OpenClaw/CatPaw workspace, config, skills, system files and context and pushes them to a Git repo. However the registry metadata did not declare the CLONE_LOBSTER_REPO_URL env var or the expectation of an SSH deploy key, which is an omission (not necessarily malicious) and reduces transparency.
! Instruction Scope
The runtime instructions and backup.sh explicitly read many files beyond simple user configs: session databases, memory files, ~/.ssh/config, /etc/supervisor files, installed package lists, supervisor status, and whole skills directories (including code). Those actions match a broad backup goal but also collect highly sensitive data (API keys, secrets in openclaw.json or session DBs). The SKILL.md does warn about sensitive info, but the automatic-trigger rules (run on many change events) could cause repeated uploads without explicit per-run consent.
Install Mechanism
This is an instruction-only skill with included shell scripts; there is no install spec or remote download. That minimizes installer risk because no external binary is fetched during installation.
! Credentials
The scripts require a CLONE_LOBSTER_REPO_URL and an SSH key with write access to the repo, but the registry entry lists no required env vars or primary credential. The skill also uses optional OPENCLAW_WORKSPACE/OPENCLAW_DIR env vars. Expectation of SSH keys and a writable Git repo is reasonable for a backup tool, but the missing declaration in metadata is an inconsistency and the set of data accessed is high-impact (secrets & local system state).
Persistence & Privilege
The skill is not marked 'always:true' and does not request elevated/install-time persistence. It can be invoked autonomously (platform default); combined with the broad data access this increases blast radius if the agent runs backups automatically and the configured repo is untrusted. The scripts themselves do not attempt to modify other skills or global agent configuration.
What to consider before installing
This skill implements a full backup to a Git repo and will copy session DBs, openclaw.json (which may contain API keys/passwords), ~/.ssh/config and system info and push them to whatever repo you configure. Before installing or enabling it: (1) Ensure CLONE_LOBSTER_REPO_URL is set to a trusted, private repo and use a deploy key with minimal scope; (2) Review and, if needed, edit scripts to exclude sensitive files (or add filtering/encryption) — e.g., avoid backing up openclaw.json or strip secrets first; (3) Prefer manual invocation until you verify behavior; disable automatic triggers or limit them in SKILL.md; (4) Add explicit registry metadata for required env vars/credentials so users can see what will be used; (5) Test in a safe environment (temp account/repo) to confirm no unintended data is uploaded. If you cannot verify the destination repo and its access controls, do not enable autonomous backups.

Like a lobster shell, security has layers — review code before you run it.

latest vk972v4zkhvjgqa475zcqc1tx0182d87v
330 downloads
0 stars
1 version
Updated 6h ago
v1.0.0
MIT-0

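🦞 克隆龙虾 (Clone Lobster) - Automatic OpenClaw Configuration Backup

Automatically backs up OpenClaw/CatPaw configuration, context, Skills and system changes to a Git repository.

Prerequisites

  1. An SSH key is configured that can access the Git repository
  2. The backup repository URL is set in the environment variable CLONE_LOBSTER_REPO_URL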

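What is backed up

| Category | Path | Description |
|---|---|---|
| Workspace | ~/.openclaw/workspace/ | AGENTS.md, SOUL.md, USER.md, MEMORY.md, memory/, etc. |
| Configuration | ~/.openclaw/ | openclaw.json, exec-approvals.json |
| Skills | ~/.openclaw/skills/ | All user-installed skills |
| System | /etc/supervisor/ | supervisord.conf, desktop startup scripts, SSH configuration |
| Context | ~/.openclaw/data/ | Session databases and memory indexes |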

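Usage

Automatic backup (recommended)

A backup is triggered automatically when any of the following changes is detected in a conversation:

  • Workspace files such as AGENTS.md, SOUL.md or USER.md were modified
  • A new skill was installed
  • The openclaw.json configuration was modified
  • System configuration was modified (supervisor, desktop environment, etc.)
  • The user explicitly asks for a "backup"

Run a backup, passing a description of this change as the argument: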

export CLONE_LOBSTER_REPO_URL="ssh://git@git.sankuai.com/~lipingjiang/catclaw_configuration.git"
bash scripts/backup.sh "描述本次变更"

Manual restore

export CLONE_LOBSTER_REPO_URL="ssh://git@git.sankuai.com/~lipingjiang/catclaw_configuration.git"

# Restore everything
bash scripts/restore.sh --all

# Restore the workspace only
bash scripts/restore.sh --workspace

# Restore the configuration only
bash scripts/restore.sh --config

# Restore Skills only
bash scripts/restore.sh --skills

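Automatic trigger rules

The agent should run the backup script on its own initiative in the following situations:

  1. After configuration changes: openclaw.json or workspace files were modified, or a skill was installed
  2. After system changes: the supervisor configuration was modified, new packages were installed, or the desktop environment was modified
  3. Before the conversation ends: if important changes were made during this conversation, run one backup before it ends
  4. On user request: the user uses keywords such as "备份" (back up), "保存" (save) or "同步" (sync)
  5. At heartbeat checks: a periodic backup task can be added to HEARTBEAT.md

Notes

  • The backup script automatically excludes directories that do not need backing up, such as node_modules and __pycache__
  • Sensitive information (API keys, passwords) is stored in openclaw.json, so make sure access to the repository is controlled
  • Before first use, make sure the Git repository has been created and the SSH key has read and write permission
  • The backup script is idempotent; running it repeatedly causes no problems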
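
One way to act on the note above about API keys and passwords in openclaw.json, and on the scan's advice to strip secrets first, is to redact the file before it is staged for the Git push. This is an added example, not part of the skill's scripts; the key-name patterns, value heuristics, placeholder and sample document are assumptions, since the page does not show the openclaw.json schema.

```python
import json
import re
import sys

# Assumption: key names ending in these words hold secrets.
SECRET_KEY_RE = re.compile(r"(api[_-]?key|token|secret|password|passwd)$", re.I)
# Assumption: value shapes that look like credentials under any key name.
SECRET_VALUE_RE = re.compile(
    r"^(sk-[A-Za-z0-9_-]{16,}|gh[pousr]_[A-Za-z0-9]{20,}"
    r"|-----BEGIN [A-Z ]*PRIVATE KEY-----)")
PLACEHOLDER = "<REDACTED>"

def redact(node, path="$", forced=False, hits=None):
    """Return (copy with secret strings replaced, JSON paths that were redacted)."""
    hits = [] if hits is None else hits
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            # Everything below a secret-named key is redacted, including nested values.
            force_child = forced or bool(SECRET_KEY_RE.search(key))
            out[key], _ = redact(value, f"{path}.{key}", force_child, hits)
        return out, hits
    if isinstance(node, list):
        items = [redact(v, f"{path}[{i}]", forced, hits)[0] for i, v in enumerate(node)]
        return items, hits
    if isinstance(node, str) and node and (forced or SECRET_VALUE_RE.match(node)):
        hits.append(path)
        return PLACEHOLDER, hits
    return node, hits  # numbers, booleans, null and non-secret strings pass through

def sanitize_config(text):
    """Parse JSON text and return (redacted JSON text, redacted paths)."""
    clean, hits = redact(json.loads(text))
    return json.dumps(clean, indent=2, ensure_ascii=False), hits

# Constructed sample; not the real openclaw.json layout.
SAMPLE = json.dumps({
    "model": "example-model",
    "maxTokens": 4096,
    "providers": [{"name": "demo", "apiKey": "sk-CONSTRUCTED0000000000"}],
    "gateway": {"auth": {"password": "constructed-pw", "enabled": True}},
    "notes": "ghp_CONSTRUCTEDCONSTRUCTED0000",
})

if __name__ == "__main__":
    # With a path argument, redact that file to stdout; otherwise run on SAMPLE.
    source = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    redacted, paths = sanitize_config(source)
    print(redacted)
    print("redacted:", ", ".join(paths) or "nothing", file=sys.stderr)
```

A restore from a redacted copy leaves `<REDACTED>` placeholders in the file, so the secrets have to be re-entered afterwards.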
