Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw WebDAV Backup
v1.2.7 · Backup and restore an OpenClaw workspace with incremental backups, integrity verification, health checks, optional config encryption and optional WebDAV uplo...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The name and description match the scripts and documentation: it implements local backups, incremental strategies, optional config encryption, WebDAV upload, and notifications. However the registry metadata claims 'Required env vars: none' while the implementation expects .env.backup, .env.backup.secret and various BACKUP_* and WEBDAV_* variables — the mismatch is a documentation/manifest inconsistency that should be clarified.
Instruction Scope
Most runtime instructions stay within the backup/restore scope. Notable scope creep: the notify script will attempt to read ~/.openclaw/openclaw.json to extract a Telegram bot token if no token is supplied explicitly. Reading the user's main OpenClaw config to auto-discover bot tokens or other secrets is a convenience but also a privacy risk because that file may contain other service tokens/credentials. The scripts also access standard system paths (HOME, ~/.openclaw) and expect .env files; they exclude .env.backup and .env.backup.secret from archives which is good practice.
Install Mechanism
There is no network install step or download-from-URL; the package includes shell scripts and libraries. No install spec present (instruction-only/packaged scripts). This keeps install risk low — nothing will automatically fetch/extract remote code — but running the included scripts will execute the packaged code on disk.
Credentials
Although registry metadata lists no required env vars, the scripts rely on several sensitive environment values and files (.env.backup with WEBDAV_URL/USER/PASS, .env.backup.secret or BACKUP_ENCRYPT_PASS, BACKUP_NOTIFY* tokens). Requiring WebDAV credentials and an optional encryption password is proportional to the stated purpose, but the silent fallback behavior (reading ~/.openclaw/openclaw.json for Telegram tokens) increases the blast radius by allowing the tool to access stored tokens that the user may not expect it to use. The number of optional variables is moderate and mostly justified, but the manifest should explicitly declare them.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configuration. It writes backups, logs, snapshots and temporary files under the user's workspace and ~/.openclaw which is expected for a backup tool. It uses file locking and cleanup traps; no evidence it tries to persist beyond normal backup artifacts.
What to consider before installing
This package appears to implement the described backup features, but review the following before running it:
- Supply your own WebDAV credentials and consider using --encrypt-config before any remote upload. The scripts expect WEBDAV_URL/WEBDAV_USER/WEBDAV_PASS (via .env.backup or env vars) and a decryption password (BACKUP_ENCRYPT_PASS or .env.backup.secret) for encrypted config — the registry metadata did not list these required inputs.
- Inspect ~/.openclaw/openclaw.json: the notify script will try to read it to auto-fill a Telegram bot token if you didn’t provide one. If you do not want the backup tool to read or use tokens stored there, set BACKUP_NOTIFY=0 and explicitly supply tokens only in the notify env file when needed.
- Run a dry-run locally (no --upload) and inspect what files would be archived and what is excluded. Confirm the exclude lists (.env.backup, .env.backup.secret) and that no other secrets are being packaged unintentionally.
- Because the package is script-based, run it in a controlled environment (or a VM/container) first to confirm behavior and to audit logs and network calls. Check the notification scripts (Telegram/WeCom/Feishu) to ensure they only call the expected endpoints when enabled.
- If you need higher assurance, request an explicit manifest from the publisher that lists expected environment variables and any paths the skill will read (especially ~/.openclaw/openclaw.json).
Like a lobster shell, security has layers — review code before you run it.
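The dry-run and exclude-list checks above are easy to script before the first real run. The following is an added example written for this page; it is not code from the OpenClaw WebDAV Backup skill or from ClawHub. It builds a constructed workspace, lists what a backup would pick up once the two excluded files named by the scan (.env.backup and .env.backup.secret) are dropped, flags remaining files that look credential-bearing, and reports whether the notify fallback to ~/.openclaw/openclaw.json could fire. The .env.notify file name, the openclaw.json contents, matching the exclude list by basename, and reading an unset BACKUP_NOTIFY as "enabled" are all assumptions made for the demo.

```shell
#!/bin/sh
# Added example for the ClawHub scan page; not code from the skill or ClawHub.
# Assumptions: exclusions match by basename anywhere in the tree, the notify
# env file is named .env.notify, openclaw.json contents are illustrative, and
# an unset BACKUP_NOTIFY means notifications (and the fallback) are enabled.
set -eu

# Exclude list reported by the scan.
EXCLUDES=".env.backup .env.backup.secret"

# make_sample_workspace DIR: populate a constructed workspace for the demo.
make_sample_workspace() {
  mkdir -p "$1/skills/notify" "$1/.openclaw"
  printf 'WEBDAV_URL=https://dav.example.invalid/\nWEBDAV_USER=u\nWEBDAV_PASS=p\n' >"$1/.env.backup"
  printf 'BACKUP_ENCRYPT_PASS=hunter2\n' >"$1/.env.backup.secret"
  printf 'BACKUP_NOTIFY_TELEGRAM_TOKEN=123:abc\n' >"$1/skills/notify/.env.notify"  # assumed name
  printf '{"name":"demo"}\n' >"$1/.openclaw/openclaw.json"                       # assumed contents
  printf 'hello\n' >"$1/notes.txt"
}

# list_archive_candidates DIR: relative paths a backup would archive after the
# excluded basenames are removed, one per line, in byte order.
list_archive_candidates() (
  cd "$1" || exit 1
  set --
  for name in $EXCLUDES; do set -- "$@" ! -name "$name"; done
  find . -type f "$@" | sed 's#^\./##' | LC_ALL=C sort
)

# find_secret_like DIR: candidates whose name (dotenv files, openclaw.json) or
# contents (KEY=value lines naming PASS/TOKEN/SECRET) suggest credentials that
# would otherwise be packaged and uploaded.
find_secret_like() {
  list_archive_candidates "$1" | while IFS= read -r f; do
    case "$f" in
      .env*|*/.env*|*/openclaw.json) echo "$f"; continue ;;
    esac
    if grep -Eq '^[A-Za-z_]*(PASS|TOKEN|SECRET)[A-Za-z_]*=' "$1/$f"; then
      echo "$f"
    fi
  done
}

# notify_fallback_possible HOME_DIR: "yes" when notifications are not disabled
# (BACKUP_NOTIFY=0) and the file the notify script falls back to for a Telegram
# token is readable, i.e. a run could use a token you never handed it.
notify_fallback_possible() {
  if [ "${BACKUP_NOTIFY:-1}" != "0" ] && [ -r "$1/.openclaw/openclaw.json" ]; then
    echo yes
  else
    echo no
  fi
}

# Usage: sh check_backup_scope.sh --demo
if [ "${1:-}" = "--demo" ]; then
  ws=$(mktemp -d)
  make_sample_workspace "$ws"
  echo "would archive:"; list_archive_candidates "$ws"
  echo "looks secret-bearing:"; find_secret_like "$ws"
  echo "notify fallback possible: $(notify_fallback_possible "$ws")"
  rm -rf "$ws"
fi
```

Point the two listing functions at your real workspace (with --upload left off) and compare the first list with what the skill's own dry run reports; anything in the second list that you did not expect to leave the machine is a reason to extend the exclude list or set BACKUP_NOTIFY=0 before enabling upload.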
Tags: backup · export · latest · migration · restore · security · webdav
