Skill v1.0.0

ClawScan security

TimeMachine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 9, 2026, 8:13 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill is broadly what it claims (local snapshots of OpenClaw data) but there are inconsistencies and sensitive behaviors (it backs up credentials/.env unencrypted and the README promises integrations/configurable autosnapshot behavior that the scripts don't implement), so review before use.
Guidance
This package is a local backup/restore tool for OpenClaw and mostly does what it claims, but take care before installing:

- It copies secrets: snapshots include credentials/* and .env (unencrypted). Ensure ~/.openclaw/snapshots is protected (file permissions, disk encryption) and consider encrypting snapshots before storing them.
- The README promises auto-snapshot and prompting behavior configurable via openclaw.json, but the provided scripts do not parse openclaw.json or hook into edit events; automatic behavior requires extra integration (cron, file-watchers, or modifying the code). Treat autosnapshot settings in the docs as informational rather than implemented.
- Default cleanup/retention values are hard-coded in cleanup.py (RETENTION_DAYS=7, MAX_COUNT=50); if you rely on openclaw.json for retention you should modify the scripts to read that config.
- The code runs only locally and performs file copy operations; inspect the scripts yourself and test in a safe environment. If you need remote backups, add explicit, secure upload code (with encryption) and avoid sending snapshots (which include secrets) to untrusted endpoints.

If you decide to use it: run it in a controlled environment, verify permissions on the snapshots directory, consider adding encryption for stored snapshots, and update the code if you need the advertised automatic/integration behaviors.

Review Dimensions

Purpose & Capability
ok: Scripts operate on ~/.openclaw, create/restore snapshots, and list and clean them up; this matches the stated purpose of backing up configs and memory. Copying credentials/* and .env is consistent with a full-configuration backup, though it is sensitive.
Instruction Scope
concern: SKILL.md claims features that imply integration (prompts before editing critical files, auto-snapshot based on openclaw.json settings). The shipped scripts do not read openclaw.json for autoSnapshot/retention settings and contain no hooks to prompt on edits; the README over-promises automation that the code does not implement. Also, SKILL.md suggests scheduled/automatic behavior, but the scripts are standalone CLI utilities; external orchestration would be required.
Install Mechanism
ok: No install spec; code is shipped as Python scripts that run locally. No remote downloads or installers were included.
Credentials
concern: The skill requests no environment variables, but it copies sensitive files into snapshots (credentials/*, .env, workspace memory). Backing up secrets is functionally reasonable for a backup tool, but snapshots are stored unencrypted under ~/.openclaw/snapshots by default; this is a significant sensitivity concern and should be highlighted to users.
Persistence & Privilege
ok: The skill does not request always:true and does not modify other skills or global agent settings. It writes files under the user's home (~/.openclaw/snapshots), which is expected for a backup tool.