clawsync
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the installer could place unreviewed code on the machine that can later read, write, back up, or restore OpenClaw state.
The install path executes a remote script fetched from a mutable GitHub branch. Because the submitted package is instruction-only and the tool would handle sensitive OpenClaw state, this creates a material provenance and review gap.
curl -fsSL "https://raw.githubusercontent.com/linsheng9731/clawsync/main/scripts/install.sh" | CLAWSYNC_GH_REPO="linsheng9731/clawsync" bash
Inspect the installer and source before running it, prefer a pinned release with checksums/signatures, and avoid piping remote scripts directly into a shell.
If archives are pushed to the wrong Git remote, served too broadly, or restored incorrectly, account tokens or sessions could be leaked or overwritten.
The skill explicitly requests broad read/write access to OpenClaw state and acknowledges that archives may include credentials and session material.
- read: ~/.openclaw
- write: ~/.openclaw
...
Archives may contain sensitive data (`openclaw.json`, credentials, sessions).
Use only private remotes, review what is included, use include/exclude controls, keep archives encrypted or otherwise protected, and test restores with --dry-run first.
A mistaken restore or prune command could overwrite local OpenClaw data or remove backup branches.
The documented commands can apply restores or prune remote backup branches. The skill also instructs agents to run --dry-run first and use --yes only after explicit confirmation, so this is disclosed but still high-impact.
clawsync pull --repo-dir ~/.clawsync-repo --branch <branch> --yes
clawsync unpack --from /path/to/archive.tar.gz --yes
clawsync git prune-branches --repo-dir ~/.clawsync-repo --keep-days 30 --dry-run
Always review dry-run output, confirm exact paths and branches, and keep an independent backup before applying destructive or overwrite operations.
If the server is exposed beyond the intended machine or the token is shared, sensitive backup archives could be accessed or modified.
The skill can start an HTTP archive service with upload, download, backup, and restore endpoints. Token protection and localhost-only restore behavior are disclosed, but the service can expose sensitive archives if misconfigured.
clawsync serve --token "<secret>" --port 7373
...
GET /download/<filename> (token required)
POST /upload (token required)
POST /restore/<filename>?dry_run=1|confirm=1 (localhost-only)
Bind the service to localhost where possible, use a strong token, avoid public exposure without TLS and a reverse proxy, and stop the server when it is no longer needed.
A scheduled backup could continue running after the immediate task and keep writing archives or pushing data.
The skill declares crontab as a required binary and advertises periodic backups, indicating possible scheduled behavior. This fits the backup purpose but should remain user-controlled.
requires: bins: ["node", "git", "tar", "crontab"]
...
run periodic backups
Only enable scheduled backups intentionally, document the schedule, and inspect/remove related crontab entries when no longer needed.
