Skill v1.0.5
ClawScan security
safe-backup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 26, 2026, 5:05 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, instructions, and behavior are consistent with its stated purpose: it creates a local, filtered tarball of OpenClaw state/workspace and does not request credentials or perform unexpected network exfiltration.
- Guidance: This skill appears to do what it says, but before installing or running: 1) verify rsync and tar are available on your environment (Windows may need Git Bash/MSYS/WSL); 2) review the generated tarball contents before uploading anywhere — the script excludes many sensitive patterns but you should still inspect the archive; 3) encrypt backups before storing in the cloud or a repo; 4) be aware auth-profiles.json and other credential files are intentionally excluded and you will need to re-authenticate services after restore; and 5) if you want automated remote upload, implement it separately and review its access requirements (this script does not perform remote uploads itself).
Review Dimensions
- Purpose & Capability (ok): The name/description match the code and SKILL.md: the script copies ~/.openclaw and workspace, excludes sensitive patterns, and packages a tar.gz. The guidance about storing or pushing backups is advisory only and not automated.
- Instruction Scope (note): Runtime instructions and the script operate on local filesystem paths and temporary directories and only produce a local tarball. The script reads optional environment variables OPENCLAW_STATE_DIR and OPENCLAW_WORKSPACE_DIR (not declared in metadata) and relies on standard commands (rsync, tar). It does not upload data or transmit secrets by itself, but it instructs the user how to push to a remote repo (manual steps).
- Install Mechanism (ok): No install spec (instruction-only with a shipped script) — low risk. The script uses standard system tools (rsync, tar). Note: rsync is assumed available but may be absent on some Windows setups; SKILL.md calls this out.
- Credentials (note): The skill declares no required credentials or env vars, which is appropriate. The script optionally respects OPENCLAW_STATE_DIR and OPENCLAW_WORKSPACE_DIR and uses $HOME/$TMPDIR/$TEMP — reasonable for locating files. No secrets are requested or written by the skill. Users should note that excluded files (e.g., auth-profiles.json) are intentionally not backed up and must be re-authenticated after restore.
- Persistence & Privilege (ok): The skill is not forced-always, does not modify other skills or global agent settings, and does not persist credentials. Autonomous invocation is allowed (platform default) but the skill's actions are local and user-invocable.
