Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawon v1.0.7
Back up and restore your OpenClaw workspace — memory, skills, config. Local or cloud.
by Yonatan Chelouche (@chelouche9)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The name and description are consistent with the requested binaries (npx/node) and the optional CLAWON_API_KEY for cloud backups. Reading the memory DB, sessions, and credentials is coherent for a backup/restore tool, but SKILL.md contradicts itself: it says "Credentials are always excluded" yet documents an --include-secrets flag that archives credentials.
Instruction Scope
The runtime instructions direct the agent/user to read and package sensitive local state (SQLite memory index, chat history, credentials) when the user explicitly requests it. The doc inconsistently claims credentials are excluded while also offering an --include-secrets option. It also instructs use of environment variables for auth and a passphrase (CLAWON_ENCRYPT_PASSPHRASE) that is not declared in the registry metadata.
Install Mechanism
This is an instruction-only skill that relies on npx (transient install and execution from npm) or an explicit npm install -g/build-from-source. Running a CLI through npx is common, but it executes whatever the registry serves at invocation time, which carries moderate risk; the README points to GitHub and npm, which makes auditing the code possible and is the recommended mitigation.
Credentials
Registry metadata declares only an optional CLAWON_API_KEY, which fits cloud backups. However, SKILL.md references another env var (CLAWON_ENCRYPT_PASSPHRASE) and suggests exporting API keys or passing them inline. Because the skill can optionally include local credentials in backups, every environment variable and config file the tool reads should be declared in the metadata and justified.
Persistence & Privilege
Scheduling writes to the user's crontab (a persistent system change). This is reasonable for a scheduler feature but is a significant side-effect; the doc does warn the user and explains how to remove cron entries.
What to consider before installing
This appears to be a real backup CLI, but the instructions contain contradictions and missing details. Before installing or running:
1) Verify the package source on GitHub and npm (recommended: clone and build from source or install locally, not npx).
2) Do not paste API keys inline; prefer an env var, and keep in mind that an export typed at the prompt is recorded in shell history. Set it from a file with restricted permissions, or (in bash) prefix the command with a space under HISTCONTROL=ignorespace.
3) Pay attention to --include-secrets: enabling it reads and archives credentials and auth files. Use it only if you understand and accept that risk.
4) SKILL.md mentions CLAWON_ENCRYPT_PASSPHRASE but the registry metadata does not declare it; ask the publisher or inspect the repo to confirm which env vars the CLI actually reads.
5) Review the output of npx clawon discover before taking any backup, and review the crontab (crontab -l) after enabling scheduling.
If you need cloud backups, create an account and audit the client code (or build from source) to confirm it does not upload more than you expect.
Runtime requirements
Binaries (any of): npx, node
Env: CLAWON_API_KEY (optional, for cloud backups)
