Skillv0.1.0

ClawScan security

QuarkPan Backup Suite · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 14, 2026, 9:01 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's documentation describes a plausible backup workflow, but the package content and instructions are inconsistent (many referenced scripts are missing, and several instructions hard-code root paths), so you should inspect missing pieces and running commands before trusting it.
Guidance: This package looks like a documentation/template for a QuarkPan backup workflow rather than a self-contained runnable skill. Before installing or running any commands: (1) ask the publisher for the source repository or the missing scripts (scripts/backup/*). Do not run snapshot-apply/rollback or any commands that confirm destructive operations until you have inspected those scripts. (2) Inspect the missing backup scripts for network endpoints, hardcoded IDs, or secret exfiltration. (3) Run scripts/check_env.sh locally first to see what binaries it expects, and verify cloud CLIs (quarkpan, tccli) are configured with least-privilege credentials. (4) Be cautious about absolute /root paths in references—running package/publish commands as root can be risky; prefer to run from a non-root workspace and verify the package_skill.py path is legitimate. (5) If you cannot obtain the referenced scripts or a trusted source/homepage for this skill, treat it as incomplete and avoid running the high-risk restore/rollback commands it references.

Review Dimensions

Purpose & Capability: noteThe name and description (QuarkPan backup, account binding, dry-run restores) match the included docs. However the SKILL.md and references repeatedly call out scripts under scripts/backup/* that are not present in the bundle. That mismatch suggests the skill is a wrapper or template that expects external files; it's plausible but incomplete.
Instruction Scope: concernRuntime instructions instruct the agent/operator to execute many shell scripts (login, bind, backup, restore, snapshot apply/prune) and to run a packaging script at an absolute /root path. Those referenced scripts are not included, and the instructions use absolute root paths (/root/.openclaw, /root/.nvm/...). The guardrails state destructive actions require explicit confirmation, but the skill still instructs potentially dangerous commands (snapshot apply/rollback) which would run outside the skill's contained files if invoked. The agent could be directed to run commands that touch system state or cloud accounts not represented in the package.
Install Mechanism: okThere is no install spec (instruction-only + a small check script). That is low-risk from an installer perspective since nothing is automatically downloaded or extracted. The only executable included is a preflight check script which only checks for binaries and specific paths.
Credentials: noteThe skill declares no required environment variables or credentials, which is plausible for a wrapper that calls local CLIs (quarkpan/tccli) that rely on existing config. However, those CLIs typically use stored credentials/config files — the skill neither declares nor checks for them. The check script warns if quarkpan/tccli are not found at specific virtualenv paths but does not validate cloud credentials. This omission is proportional but worth attention: the skill implicitly relies on external credentials/configs that are not surfaced.
Persistence & Privilege: okalways is false and there is no install-time persistence or requests to modify other skills or system-wide agent settings. The skill can be invoked by the agent (normal default) but nothing requests elevated/always-on privileges.