Skill v1.0.0

ClawScan security

Workspace Git Backup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 1:39 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is internally coherent: its scripts and instructions implement scheduled Git-based backups to a remote repo and create cron/launchd tasks. Nothing in the package appears to attempt unrelated or covert actions, but you should review it and be aware that it will push whatever is in the configured backup path to the remote and will install persistent scheduled tasks.
Guidance
This package appears to do what it claims, but review and consider these before installing:
- Inspect the included scripts (they are bundled) before copying/executing them. The scripts will add/commit and push any changes in the configured backup path to the configured remote — do not include directories containing secrets or credentials unless you intentionally want them backed up to that repo.
- Ensure git is installed and that your authentication (SSH key or credential helper, or gh login) is configured; the skill does not declare these binaries but uses them. If you use gh for repo creation, be logged in and understand which account the repo will be created under.
- The skill will create cron entries or a launchd plist and write files to ~/.openclaw and ~/Library/LaunchAgents; confirm you are comfortable with persistent scheduled tasks. Use manage.sh uninstall to remove the scheduled task (scripts and config are left in place by design).
- Prefer a private repository or a repository with proper access controls. If you need stronger isolation, create a dedicated repository or use a deploy key/account with limited access.
- If you want higher assurance, run the backup script manually first and monitor its behavior (what files it commits/pushes), and validate logs at ~/.openclaw/logs/github-backup.log.

Review Dimensions

Purpose & Capability
note: Name/description match the actual behavior: scripts configure a Git-backed scheduled backup, optionally use gh for repo creation, and install cron/launchd entries. Minor mismatch: the skill declares no required binaries, but the scripts call git (required), optionally gh (for repo creation), python3 (for json pretty-printing), sed, crontab, and launchctl. Those binaries are reasonable for the stated purpose but should have been declared.
Instruction Scope
ok: SKILL.md instructs the agent to ask for a backup path, create a config under ~/.openclaw/workspace, copy included scripts into ~/.openclaw/scripts, and install scheduled tasks. The runtime steps and file paths are limited to the user's home (~/.openclaw, ~/Library/LaunchAgents, crontab) and to interacting with git remotes; the instructions do not attempt to read unrelated system files or external data.
Install Mechanism
note: No remote downloads or package installs — the skill is instruction-only but ships script files which the instructions copy into the user's home directory. This is lower risk than fetching code from arbitrary URLs, but it does write and execute bundled scripts on disk and install persistent tasks.
Credentials
ok: The skill declares no environment variables or credentials. That is consistent: git pushes will use the user's existing Git authentication (credential helper, SSH key, or gh login). There is no evidence the skill requests unrelated credentials or attempts to exfiltrate secrets beyond pushing whatever is in the configured backup path to the chosen remote repo.
Persistence & Privilege
note: The skill installs persistent scheduled tasks (cron on Linux, launchd plist on macOS) and creates files under ~/.openclaw and ~/Library/LaunchAgents. It does not request always:true or modify other skills' configs, but users should note the persistent nature: scheduled runs will continue until the user uninstalls the task.