Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
EternalClaw Memory Sync
v1.0.0Securely backup and restore Openclaw agent memory from remote URLs using AES-256-GCM encryption.
⭐ 0· 71·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The scripts implement downloading a base64 AES-256-GCM blob, Argon2-derived keying, decryption, and file restoration — which matches the skill description. However, there are documentation/code inconsistencies (see below) that reduce confidence the package will work as intended without modification.
Instruction Scope
SKILL.md instructs the agent to download and decrypt a user-provided URL and restore files (expected). But SKILL.md references a script path ('skills/memory-sync/scripts/restore_secure.py') that does not match the repository layout ('scripts/restore_secure.py'). The doc also tells users to pip install argon2-cffi, yet the code imports Argon2id from cryptography — a dependency/API mismatch. The runtime instructions give the agent broad ability to fetch arbitrary URLs (which is expected for this tool but requires user caution).
Install Mechanism
There is no install spec (instruction-only), so nothing is automatically written/installed. The README recommends pip installing cryptography, requests, and argon2-cffi; that is a manual step. Because dependencies are only recommended in documentation, the installer risk is low, but the dependency list does not align with the imports in the code.
Credentials
The skill requests no environment variables, credentials, or config paths — consistent with a user-driven restore tool that uses a provided URL and password.
Persistence & Privilege
The skill is not forced-always and does not request persistent privileges. It performs file writes to the output directory provided by the user; this is expected for a restore tool but can overwrite files in the workspace if misused.
What to consider before installing
This package is not outright malicious, but exercise caution. Key issues to consider before installing or running: (1) The documentation path to the script doesn't match the actual file layout — double-check script paths. (2) The SKILL.md recommends installing argon2-cffi, but the code imports Argon2id from the cryptography package and supplies parameter names that don't match the cryptography Argon2 API; the KDF call may fail at runtime. (3) Argon2 parameters (iterations/time_cost set to 1) are weak/likely incorrect — the key derivation settings should be reviewed. (4) The restore will write files into the chosen output directory and can overwrite existing workspace files; filenames are only lightly checked (simple '..' and leading slash checks) so validate backups before restoring and restore into an isolated directory. (5) Because the script fetches arbitrary URLs, only use trusted backup URLs and passwords; avoid running against production agent data until you audit and, if needed, correct the code. Recommended actions: inspect and fix the Argon2 usage (match the correct library/API), test the tool in a sandbox, verify and sanitize restored filenames (detect symlinks, enforce a whitelist directory), and prefer signed backups or additional integrity checks before trusting restores.Like a lobster shell, security has layers — review code before you run it.
latestvk970qvzhp08n9ehz67dm5qsct583h4rv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.