Skill v1.0.1

ClawScan security

claw-backup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 3:17 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (creating/restoring ZIP backups of the OpenClaw workspace); nothing requests unrelated credentials or network access, but backups are not encrypted and will contain any sensitive files present in the workspace.
Guidance
This skill appears coherent and implements what it claims: local backup and restore of the OpenClaw workspace. Before using it, note that backups are not encrypted and by default are written to ~/Desktop (change the --output path if you prefer). Backups will include whatever is in your workspace — including possible API keys, tokens, or private skill code — so store or encrypt the ZIP before sharing or uploading. Review the included scripts if you want to confirm exact file lists and behavior (they perform path safety checks on restore). If you need encrypted backups, either run the ZIP through a tool that supports encryption (7z with a passphrase) or change the workflow to store backups in a secure location.

Review Dimensions

Purpose & Capability
ok: Name/description match the actual behavior: the scripts read ~/.openclaw/workspace, collect required/optional files, create a ZIP and SHA256, and restore from a ZIP. No unrelated capabilities (cloud, admin, or network access) are requested.
Instruction Scope
ok: SKILL.md directs running the included Python scripts and describes expected inputs/outputs. The scripts only read/write files under the user's home (workspace and Desktop or provided output path) and do not access external endpoints or unrelated system config.
Install Mechanism
ok: No install spec; this is instruction + bundled scripts. No downloads or external installers are invoked, so nothing will be written to disk beyond the normal operation of the included scripts when run.
Credentials
note: The skill requests no environment variables or credentials (OK). However, by design it packages workspace contents (including skills/, USER.md, config files, logs) which may contain sensitive data (API keys, tokens, personal data). The manifest prints truncated hashes and the ZIP is explicitly not encrypted.
Persistence & Privilege
ok: always is false and the skill does not attempt to persist configuration beyond creating backups on disk. It does not modify other skills or global agent settings. Restore prompts the user before overwriting files.