clawsync
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: clawgitsync
Version: 1.0.0

The skill provides backup and migration utilities for OpenClaw state, including a Git-native workflow and a token-protected HTTP server for archives. It is classified as suspicious due to high-risk patterns: it promotes a 'curl | bash' installation method from a third-party GitHub repository (linsheng9731/clawsync), requests 'high' trust permissions, and implements a network listener ('clawsync serve') that exposes sensitive data like credentials and session tokens from ~/.openclaw. While these features are plausibly related to its stated purpose, the combination of broad file access, network exposure of secrets, and unverified remote installation scripts significantly increases the attack surface.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the installer could place unreviewed code on the machine that can later read, write, back up, or restore OpenClaw state.
The install path executes a remote script fetched from a mutable GitHub branch. Because the submitted package is instruction-only and the tool would handle sensitive OpenClaw state, this creates a material provenance and review gap.
curl -fsSL "https://raw.githubusercontent.com/linsheng9731/clawsync/main/scripts/install.sh" | CLAWSYNC_GH_REPO="linsheng9731/clawsync" bash
Inspect the installer and source before running it, prefer a pinned release with checksums/signatures, and avoid piping remote scripts directly into a shell.
If archives are pushed to the wrong Git remote, served too broadly, or restored incorrectly, account tokens or sessions could be leaked or overwritten.
The skill explicitly requests broad read/write access to OpenClaw state and acknowledges that archives may include credentials and session material.
- read: ~/.openclaw
- write: ~/.openclaw
...
Archives may contain sensitive data (`openclaw.json`, credentials, sessions).
Use only private remotes, review what is included, use include/exclude controls, keep archives encrypted or otherwise protected, and test restores with --dry-run first.
A mistaken restore or prune command could overwrite local OpenClaw data or remove backup branches.
The documented commands can apply restores or prune remote backup branches. The skill also instructs agents to run --dry-run first and use --yes only after explicit confirmation, so this is disclosed but still high-impact.
clawsync pull --repo-dir ~/.clawsync-repo --branch <branch> --yes
clawsync unpack --from /path/to/archive.tar.gz --yes
clawsync git prune-branches --repo-dir ~/.clawsync-repo --keep-days 30 --dry-run
Always review dry-run output, confirm exact paths and branches, and keep an independent backup before applying destructive or overwrite operations.
If the server is exposed beyond the intended machine or the token is shared, sensitive backup archives could be accessed or modified.
The skill can start an HTTP archive service with upload, download, backup, and restore endpoints. Token protection and localhost-only restore behavior are disclosed, but the service can expose sensitive archives if misconfigured.
clawsync serve --token "<secret>" --port 7373
...
GET /download/<filename> (token required)
POST /upload (token required)
POST /restore/<filename>?dry_run=1|confirm=1 (localhost-only)
Bind the service to localhost where possible, use a strong token, avoid public exposure without TLS and a reverse proxy, and stop the server when it is no longer needed.
A scheduled backup could continue running after the immediate task and keep writing archives or pushing data.
The skill declares crontab as a required binary and advertises periodic backups, indicating possible scheduled behavior. This fits the backup purpose but should remain user-controlled.
requires:
  bins: ["node", "git", "tar", "crontab"]
...
run periodic backups
Only enable scheduled backups intentionally, document the schedule, and inspect/remove related crontab entries when no longer needed.
