Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Complete Agent Backup
v1.0.0
Multi-platform backup and restore for Hermes Agent and OpenClaw. Backs up configuration, memories, skills, sessions, and workspace. Features: optional encryp...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (backup/restore for Hermes and OpenClaw) align with the included scripts: backup.sh, restore.sh, and config.sh operate on ~/.hermes and ~/.openclaw and include options for encryption, incremental/full backups, and creating manifests. However, SKILL.md advertises features (web-based management UI, a full cloud setup wizard/OAuth flows) that are not present or are explicitly marked as 'not yet implemented' in config.sh; this is an inconsistency between claims and actual capability.
Instruction Scope
Runtime instructions and scripts operate on user home data (config files, .env, credentials directories, session histories, installed skills, state.db) — this is expected for a backup tool but means the skill reads and archives highly sensitive secrets (API keys, tokens, auth.json, .env). The scripts use standard local commands (tar, rsync, openssl, pkill, python3). They create temporary archives and a safety pre-restore backup. No unexpected external endpoints are shown in the provided scripts, but the cloud-upload path is truncated/unclear; enabling cloud upload could transmit sensitive data externally.
Install Mechanism
No install spec is provided (instruction-only with included shell scripts). Nothing is downloaded during install in the package itself. This is lower-risk than arbitrary remote installers, but you must inspect the scripts before running.
Credentials
The skill does not request environment variables or credentials at install, which is appropriate. However, it intentionally reads and copies secret-bearing files (~/.hermes/.env, openclaw.json, credentials directories, auth.json). That behavior is proportional to a backup tool but materially increases risk: any cloud upload or misconfigured backup location could expose API keys and tokens. SKILL.md shows cloud setup flows asking for AWS/GDrive/Dropbox credentials; config.sh indicates cloud setup is not implemented yet, so it's unclear how and where those credentials would be used or stored.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It writes a self config file under ~/.hermes-backup and creates archives in user-specified locations. It does not request system-wide privileges or modify other skills. Scheduling features are mentioned but the provided scripts do not automatically register persistent system-wide services.
What to consider before installing
This package is a local backup/restore tool and the scripts do what a backup tool should: copy configs, sessions, skills, databases, and credential files under ~/.hermes and ~/.openclaw. Before installing or running it, do the following:
1) Review the cloud-upload code (cloud-config.sh or any cloud upload implementation) — the SKILL.md mentions cloud/OAuth uploads but the shipped config script notes cloud setup is not yet implemented; if cloud upload is enabled later it could send all your secrets off-host.
2) Understand backups contain secrets (./.env, auth.json, openclaw.json, credentials/) — keep archives encrypted (use --encrypt) and store them in a trusted location; verify encryption is implemented correctly.
3) Prefer running in --dry-run and inspect created archives in a safe temporary folder before restoring.
4) Check file permissions after creating backups (the scripts set chmod 600 on archives and config, but verify).
5) Because SKILL.md advertises features (web UI, cloud wizard) not in the scripts, treat the release as incomplete and avoid enabling any automated cloud/scheduling hooks until you can audit that code.
6) If you need higher assurance, run the scripts in a controlled environment or sandbox and/or ask the author for the missing implementation details (web UI, cloud upload) and a provenance link (repository/homepage).
Like a lobster shell, security has layers — review code before you run it.
