Skillv1.0.0

ClawScan security

OpenClaw 备份还原工具 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 8, 2026, 1:16 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally consistent: it contains local shell scripts that copy OpenClaw config files to a backups directory and restore them or restart the gateway; it does not request credentials or perform network I/O.
Guidance: This skill appears to do exactly what it says: local backups, restores, and a gateway restart, with no network calls or credential access. Before installing/using it: (1) inspect the scripts yourself (they're short and local); (2) check that the backup location (~/.openclaw/workspace/backups) has appropriate permissions and that you’re comfortable storing these config files there (backups are not encrypted by the scripts); (3) update restart.sh if your openclaw binary is on PATH (replace the hardcoded nvm path with just `openclaw` or detect the binary), otherwise restart may fail; (4) only add the suggested aliases to your shell rc if you understand and consent to that change; (5) consider making an additional off-site or encrypted backup if these files contain sensitive data. Overall, nothing in the package exfiltrates data or asks for unrelated credentials.

Review Dimensions

Purpose & Capability: okName/description match the actual files: backup.sh copies specified OpenClaw files/dirs into a timestamped folder, restore.sh lists and copies them back, restart.sh invokes the OpenClaw gateway restart. The requested files and operations are appropriate for a backup/restore utility. One minor oddity: restart.sh hardcodes a Node/NVM path ($HOME/.nvm/versions/node/v24.14.0/bin/openclaw) rather than using a generic openclaw on PATH, which is brittle but not incoherent.
Instruction Scope: noteSKILL.md instructs the user to run the included scripts and optionally add aliases to ~/.zshrc. The scripts only operate on $HOME/.openclaw and workspace files listed in the README (IDENTITY.md, USER.md, MEMORY.md, SOUL.md, TOOLS.md, openclaw.json, memory/). They do not read arbitrary system files or transmit data externally. Note: adding aliases modifies the user's shell config only if the user performs the edit.
Install Mechanism: okNo install spec — instruction-only with shipped scripts. Nothing is downloaded or written by an installer; risk from install mechanism is minimal.
Credentials: okThe skill requires no environment variables or external credentials. It naturally reads $HOME to find OpenClaw files. The only environment assumption is a specific nvm-based openclaw binary path used in restart.sh; this is a usability fragility but not a request for secrets.
Persistence & Privilege: okalways is false and the skill does not request permanent elevated presence or modify other skills. The only persistent change the docs suggest is adding aliases to the user's ~/.zshrc, which is a user-driven action.