Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Sync

v2.0.0

OpenClaw lightweight data sync skill. Built on rclone + cron, it supports 70+ cloud storage backends and backs up workspace data on a schedule with very low resource usage.

by silas@aohoyo
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (backup via rclone+cron) matches the main scripts: sync.sh, setup-cron.sh, remove-cron.sh and the SKILL.md instructions. Required binary (rclone) is appropriate. However, metadata and docs contain inconsistencies: README refers to scripts (setup.sh, sync-now.sh, restore.sh, list-remote.sh) and systemd unit files that are not present; package.json lists an npm dependency 'rclone' (rclone is not typically an npm package) and a repository/homepage that may not exist. These mismatches suggest poor maintenance or copy‑paste errors and reduce confidence in provenance.
Instruction Scope
Runtime instructions and scripts will modify the user's crontab and will read and upload files from a workspace directory. The scripts hardcode a WORKSPACE_DIR (/home/wwlhlf/.openclaw/workspace) whereas other docs reference /home/node/.openclaw/workspace — this can cause the script to access an unexpected path or fail silently. The sync list explicitly includes sensitive files (IDENTITY.md, USER.md, memory/, etc.), so installing and enabling this skill will back up potentially sensitive agent data to whatever rclone remote is configured. SKILL.md also suggests piping rclone's install script via curl | sudo bash, which is an operational security risk if blindly followed.
Install Mechanism
There is no automated install spec; the skill is instruction-only with scripts provided. That is a lower install-risk profile than arbitrary downloads/executables. The scripts themselves are plain shell scripts (no obfuscated code). The only risk here is operational (running provided scripts will modify crontab and write logs).
Credentials
The skill requests no environment variables or explicit credentials from the registry metadata, which is reasonable because rclone stores credentials in rclone.conf. However, _meta.json references a rclone config path (~/.config/rclone/rclone.conf) and README refers to config/rclone.conf — the skill does not consistently document where secrets should reside. Because rclone will hold cloud provider keys, the user must be aware that configuring the remote will place secrets on disk (and the skill will use them). The number and sensitivity of files selected for backup is high; ensure you intend to upload those files to the configured remote.
Persistence & Privilege
The skill installs a cron job into the user's crontab (setup-cron.sh) and can remove it (remove-cron.sh). always is false and model invocation is not disabled. Installing the cron job is a normal behavior for a scheduled backup tool, but it will cause autonomous periodic uploads of the selected workspace directory. README also mentions systemd service management, but those unit files are not present in the repository — another mismatch to be aware of.
What to consider before installing
This skill likely does what it claims (periodic rclone backups), but several inconsistencies and high-sensitivity defaults mean you should proceed cautiously:
- Inspect and correct the WORKSPACE_DIR in scripts/sync.sh before running (it currently uses /home/wwlhlf but other docs mention /home/node). Make sure it points to the workspace you actually want to back up.
- Review config/sync-list.txt: it includes identity/memory files (IDENTITY.md, USER.md, memory/). Only enable syncing of sensitive items if you trust the destination remote.
- Understand where rclone will read credentials from (typically ~/.config/rclone/rclone.conf). Verify that the rclone remote you configure is correct and that credentials are stored securely.
- Test with --dry-run first (bash scripts/sync.sh --dry-run) and inspect logs before enabling cron. Do not enable cron until you confirm behavior.
- Be wary of following the generic install command (curl https://rclone.org/install.sh | sudo bash); prefer installing rclone by vetted package steps or manual review of the install script.
- Note the repo/docs mismatches (missing scripts, references to systemd units, package.json dependency on an npm 'rclone') — treat these as signs the package may be poorly maintained or assembled from multiple sources; prefer a vetted source or fix these inconsistencies locally before use.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

🔄 Clawdis
Bins: rclone
