Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Backup & Restore
v1.0.3
Backup and restore OpenClaw configuration, agents, sessions, and workspace to/from a private Git repository. Use when the user wants to manually trigger a ba...
⭐ 1 · 366 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The skill's name/description match the included scripts: they back up ${HOME}/.openclaw to a Git repo and can restore it. However, the registry metadata claims no required binaries or envs even though the scripts require git, rsync, npm, and the OpenClaw CLI (openclaw). It also implicitly requires a working SSH/git auth setup for the remote repo. The missing required-tool declarations are an inconsistency.
Instruction Scope
SKILL.md and the scripts stay within the stated purpose (sync .openclaw to/from a Git repo). The restore script runs 'find ... -execdir npm install' which will execute package install scripts in restored directories (a legitimate restore step but a notable execution risk if the backup contains malicious package.json files). The scripts read OpenClaw config and operate on ${HOME}/.openclaw and ${HOME}/openclaw-backup — they will move potentially sensitive runtime/config/identity files to the configured remote, which is expected but requires caution.
Install Mechanism
No install spec (instruction-only) — no external archives are downloaded by the skill itself. The scripts are included in the skill bundle and will be executed by the agent when invoked. This is a low-risk install mechanism in the sense of remote code fetching, but the included scripts will perform network operations (git push/pull, npm install).
Credentials
The skill requests no environment variables in metadata, yet it depends on a user-configured OPENCLAW_BACKUP_REPO value in OpenClaw config and needs access to the user's SSH/git credentials and HOME. The scripts will read/write the entire ${HOME}/.openclaw (including identity/credentials files referenced in SKILL.md), then push them to the configured remote — this is functionally necessary but high-impact, so the omission in metadata and lack of explicit credential requirements is concerning.
Persistence & Privilege
The 'always' flag is false, and the skill does not request persistent platform privileges or modify other skills. It does, however, read and write the user's OpenClaw runtime data and will perform autonomous git operations when invoked; that autonomy is platform-default and not by itself a flag here.
What to consider before installing
Before installing or running this skill, make sure you:

1) Verify OPENCLAW_BACKUP_REPO is set to a private, access-controlled repository (do not push secrets to a public repo).
2) Confirm you have git, rsync, npm, and the OpenClaw CLI available on the machine; the skill metadata currently does not declare these requirements.
3) Understand that restore runs 'npm install' in any folder with package.json — that can run arbitrary install scripts from code stored in the backup. Consider disabling automatic npm installs (or review package.json files) when restoring.
4) Ensure your SSH/git credentials used for push/pull have appropriate scope, and rotate credentials if you suspect exposure.
5) Test the backup/restore flow on a non-production copy first to validate behavior and the rsync/git semantics (watch for nested directory issues).
6) If you plan to proceed, update the skill metadata or documentation to list required binaries and clearly warn about the sensitivity of files under ~/.openclaw.

If you want, provide the agent with a read-only or restricted backup repo and review the contents before running npm install or pushing sensitive files.

Like a lobster shell, security has layers — review code before you run it.
latest: vk97947ybwaqvynnhbjvff2hypn82zg61
