Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Backup Full System
v1.2.0
Performs a full backup of the OpenClaw system (including the database, configuration and memory) and uploads it to the cloud. Requires rclone or an equivalent upload tool to be installed.
by Trần Anh Vũ (@jaskies)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (full-system backup to cloud) matches what the script does, but the implementation contains unexplained hardcoding and platform assumptions: PARENT_DIR is fixed to /home/jackie_chen_phong (not configurable), the rclone remote name 'gdrive' is hardcoded, and the SKILL metadata declares no required binaries or env vars even though the script requires sudo, tar, rclone, apt/pip/crontab utilities. Those omissions reduce coherence between stated requirements and actual needs.
Instruction Scope
The script accesses many sensitive items: ~/.bashrc, ~/.profile, ~/.config, system package lists, pip packages, crontab, and system files such as /etc/tailscale and /etc/systemd/system/openclaw*. Collecting and archiving these is consistent with a 'full backup' goal, but it will capture credentials/configuration that could be sensitive (e.g., Tailscale keys or service unit files). The SKILL.md does not warn that sudo is required to read system files nor emphasize reviewing which files will be included.
Install Mechanism
This is an instruction-only skill with no install spec, which is low-risk from an installation perspective. The README suggests installing rclone/tar via apt, but there is no automated installer. That's acceptable, but users should be warned that following the suggested apt commands will change system state (install packages) and must be run with sudo.
Credentials
No environment variables or credentials are declared in metadata, yet the script implicitly depends on a preconfigured rclone remote (named 'gdrive') and uses sudo to read system files. The skill will archive tokens/configuration stored in the filesystem (rclone config, Tailscale files, systemd service files) without declaring or constraining access — this is disproportionate relative to the metadata and increases risk of unintended secret exfiltration.
Persistence & Privilege
The skill is not always-enabled and does not request persistent platform privileges. However, it requires elevated file-read privileges (via sudo) at run time to collect system config, and it writes backups to the user's backups directory and deletes old archives. These actions are within a backup's scope but should be explicit and require user consent.
What to consider before installing
Before installing or running this skill:
1) Inspect and edit the script — change PARENT_DIR to the intended path or make it configurable; remove or review copying of /etc/tailscale and any systemd files if you do not want service credentials backed up.
2) Understand sudo: the script uses sudo to copy system files; run it in a controlled environment or grant sudo only when you review the commands.
3) Rclone configuration: the script expects a remote called 'gdrive' (gdrive:OpenClaw_Backups). Ensure your rclone remote name and permissions are correct and consider enabling encryption on the remote.
4) Test on a non-production system first to confirm which files are included.
5) If you want to reduce risk, remove collection of apt/pip lists and crontab, or limit which config directories are archived.
Additional information that would increase confidence: confirmation from the author that the hardcoded path is intentional, a configurable version of the script, and explicit documentation of exactly which files are considered sensitive and why they are included.
Like a lobster shell, security has layers — review code before you run it.
