Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Plugin

v0.2.10

Cross-device sync for OpenClaw workspace (skills, memory, settings) via GitHub

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability

Name, description, skills, hooks and code all consistently implement a GitHub-backed sync for the OpenClaw workspace (pull/push/status/start/reset). Requiring the gh CLI in hook metadata and referencing workspace paths in SKILL.md is coherent with the stated purpose.

Instruction Scope (flagged)

Runtime instructions and skill docs repeatedly tell the agent to run 'npx any-sync' commands and to read/write config at $HOME/.any-sync.json and .any-sync.lock and workspace directories. That's expected for a sync tool, but running 'npx any-sync' will fetch and execute remote code if it is not locally installed — the instructions grant broad discretion to execute that package. Hooks auto-run autoPull/autoPush on session start/end and fail silently, which could hide failures or unexpected behavior.

Install Mechanism (flagged)

No install spec is provided in the registry entry even though the package.json lists dependencies and the plugin code requires '@any-sync/cli'. The package.json uses an unpinned dependency ('@any-sync/cli': '*'), and the SKILL.md instructs use of 'npx any-sync' (runtime retrieval/execution). These are supply-chain risks: arbitrary new code could be executed when installing or running the CLI.

Credentials

The skill doesn't declare required environment variables, but the start wizard advises using GITHUB_TOKEN or gh auth login, and optionally OPENCLAW_WORKSPACE/OPENCLAW_PROFILE for custom paths. Those env vars are relevant to GitHub authentication and workspace location. No unrelated credentials or unexpected config paths are requested.

Persistence & Privilege

The plugin registers session_start and session_end hooks to auto-pull/push by default (autoSync is true unless explicitly disabled). The always flag is not set. Autonomous invocation of hooks is expected for sync behavior, but combined with the ability to push workspace contents to a configured repo, this increases the impact if the remote or CLI is malicious — consider disabling autoSync until you verify the tooling.
What to consider before installing

This plugin appears to do what it says (sync your OpenClaw workspace to a GitHub repo), but exercise caution before installing:

- Supply-chain risk: package.json depends on '@any-sync/cli' with a wildcard version and the docs instruct using 'npx any-sync', which can fetch and execute remote code. Prefer a pinned release or inspect the CLI package source before running.
- Automatic hooks: by default the plugin auto-pulls and auto-pushes on session start/end. Disable autoSync in the plugin config until you trust the code and repository, to avoid unintended uploads.
- Review and control the target repo: only use a repository you control and ensure it's private if you don't want workspace contents exposed.
- Verify the implementation: check the linked repository (package.json points to https://github.com/imink/any-sync) and inspect the '@any-sync/cli' source for any data-exfiltration behavior before running 'npx' or installing dependencies.

If you can't review the CLI source or prefer stricter control, decline installation or ask the publisher to provide a pinned, audited release and an explicit install spec (so you know what code will be installed).


latest · vk9782fjn17nw5agv7ds2x6kqh584h11b
