Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Agent Clone
v1.0.1一键导出或导入小龙虾配置,支持配置共享与克隆,自动备份并过滤敏感信息,方便技能安装与应用恢复。
⭐ 0· 235·0 current·0 all-time
by@anwhere
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the code: the script reads agent identity/config files, builds a shareable package, and can write files back and install skills on import. Reading OPENCLAW_WORKSPACE / OPENCLAW_DIR and listing skills is coherent with cloning/exporting an agent.
Instruction Scope
SKILL.md and the script instruct reading many workspace files, writing/overwriting configs (with .bak backups), optionally importing MEMORY, and auto-installing listed skills. The export claims 'sensitive info filtered' but filtering is a simple key-based transformation and may miss secrets in other keys or embedded text. Auto-install on import happens without additional confirmation in the script, which expands the blast radius (it will invoke 'skillhub install <slug>').
Install Mechanism
No install spec — instruction-only with a shipped script. There are no remote downloads or package installs declared. The script invokes a local command ('skillhub install') to add skills, which is expected for an importer, but that relies on external tooling and network access at runtime.
Credentials
Registry metadata declares no required env vars, but the script reads OPENCLAW_WORKSPACE and OPENCLAW_DIR from the environment (with defaults). This mismatch means the skill will access filesystem locations determined by env vars even though none are declared. The script can read arbitrary files under those paths (which may contain credentials), yet it does not declare or request credentials explicitly.
Persistence & Privilege
The skill does not request 'always' privilege. It will overwrite agent identity/config files (with backups) and can install skills — actions that legitimately fit a cloning tool but are high-impact. Autonomous invocation is allowed by default; combined with auto-install behavior this increases risk if misused.
What to consider before installing
This tool looks functional for exporting/importing agent configs, but proceed carefully: 1) The script reads and writes files in your OpenClaw workspace (defaults to /home/node/.openclaw) and will overwrite configs — ensure you have backups and review .bak files. 2) The export's 'filtering' is a simple key-name filter and can miss secrets embedded in other fields; manually inspect any package before sharing. 3) Import will attempt to auto-install skills via 'skillhub install <slug>' without additional checks — verify the list of skills and trust the skill sources before allowing installation. 4) The code reads OPENCLAW_WORKSPACE and OPENCLAW_DIR environment variables but the skill declares none — be aware the runtime location depends on those env vars. 5) Prefer running this in an isolated/test environment first, or review the exported package text and the list of skills to be installed before performing an import. If you need higher assurance, request the author to: (a) declare the env vars used, (b) make filtering more robust (pattern/regex detection), and (c) require explicit user confirmation before installing skills.Like a lobster shell, security has layers — review code before you run it.
clonevk970qmb36abnqgnsw0n958qwn182t9b8configvk970qmb36abnqgnsw0n958qwn182t9b8latestvk970qmb36abnqgnsw0n958qwn182t9b8openclawvk970qmb36abnqgnsw0n958qwn182t9b8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.