Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The scripts implement a backup + SMTP-send flow (tar.gz creation, optional sensitive-data cleaning, and sending via smtp.qq.com), which is coherent with the skill name/description. However, the registry metadata declares no required binaries or environment variables, while SKILL.md and the scripts clearly rely on python3 and on QQ_EMAIL/QQ_SMTP_PASSWORD (SMTP auth). These undeclared requirements are an inconsistency.
Instruction Scope
Runtime instructions and scripts operate on arbitrary directories you pass in (including examples that back up ~/.openclaw/*). The clean-sensitive step unpacks archives and edits files. All of this is consistent with a backup tool, but it means the skill will read and (for the cleaning step) modify backup contents — so you must avoid pointing it at sensitive locations unless you intend to email them.
Install Mechanism
There is no formal install spec in the registry (install relies on provided install.sh and manual steps). install.sh expects either a local tarball or a user-supplied download and contains placeholder download URLs (example.com / github/your-repo). No obscure third-party downloads are hardcoded, but the packaging is incomplete and requires manual review before using network download commands.
Credentials
The registry metadata lists no required env vars, but scripts use QQ_EMAIL and QQ_SMTP_PASSWORD (SMTP authorization). The skill therefore requires sensitive credentials (SMTP auth) to function, but those credentials are not declared as primaryEnv/required in metadata — this mismatch can lead to accidental credential exposure. Additionally, the skill may be used to email files that include other secrets (OpenClaw agent configs), so credential/secret handling deserves caution.
Persistence & Privilege
Skill is not always-enabled and does not request elevated privileges or modify other skills' configs. It does not persist additional system-wide privileges beyond normal file I/O for the user running it.
What to consider before installing
This skill's code does what its description promises (create tar.gz and email it via QQ SMTP), but packaging is sloppy: the registry metadata doesn't list python3 or the QQ SMTP environment variables that the scripts expect. Before installing, review the scripts yourself (they are included), and consider these steps:
- Only run the tool on non-sensitive test directories first to verify behavior.
- Do not point it at system or agent directories that contain credentials unless you intend to email them. Backing up ~/.openclaw/agents or similar will likely include secrets.
- Supply QQ_EMAIL and QQ_SMTP_PASSWORD via environment variables, and keep the SMTP auth code secure (do not commit it to repositories).
- If you plan to install via a network download, replace placeholder URLs with a trusted release URL and verify integrity (checksums/signatures) before extracting.
- Note the clean_sensitive routine modifies files inside archives and uses regexes that may over-redact or miss items — test it on sample data.
Given the metadata mismatches and the need to handle credentials carefully, proceed only after manual code review and by limiting the directories you back up.
latest: vk97f4a3b5dww3p3mkgte4zxxmn82janx
