Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

克隆龙虾

v1.0.0

Automatic backup and restore tool for OpenClaw/CatPaw configuration and context. While you use OpenClaw, it automatically preserves configuration changes, workspace files, conversation context, installed Skills and system modifications to a Git repository. Trigger scenarios: (1) the user asks to back up/save the current configuration; (2) the user asks to restore a previous configuration; (3) the conversation produces important configuration changes, skill...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, SKILL.md, and the scripts all align: the tool collects OpenClaw/CatPaw workspace, config, skills, system files and context and pushes them to a Git repo. However, the registry metadata did not declare the CLONE_LOBSTER_REPO_URL env var or the expectation of an SSH deploy key; this omission is not necessarily malicious, but it reduces transparency.
Instruction Scope
The runtime instructions and backup.sh explicitly read many files beyond simple user configs: session databases, memory files, ~/.ssh/config, /etc/supervisor files, installed package lists, supervisor status, and whole skills directories (including code). Those actions match a broad backup goal but also collect highly sensitive data (API keys, secrets in openclaw.json or session DBs). The SKILL.md does warn about sensitive info, but the automatic-trigger rules (run on many change events) could cause repeated uploads without explicit per-run consent.
Install Mechanism
This is an instruction-only skill with included shell scripts; there is no install spec or remote download. That minimizes installer risk because no external binary is fetched during installation.
Credentials
The scripts require a CLONE_LOBSTER_REPO_URL and an SSH key with write access to the repo, but the registry entry lists no required env vars or primary credential. The skill also uses optional OPENCLAW_WORKSPACE/OPENCLAW_DIR env vars. Expectation of SSH keys and a writable Git repo is reasonable for a backup tool, but the missing declaration in metadata is an inconsistency and the set of data accessed is high-impact (secrets & local system state).
Persistence & Privilege
The skill is not marked 'always:true' and does not request elevated/install-time persistence. It can be invoked autonomously (platform default); combined with the broad data access this increases blast radius if the agent runs backups automatically and the configured repo is untrusted. The scripts themselves do not attempt to modify other skills or global agent configuration.
What to consider before installing
This skill implements a full backup to a Git repo and will copy session DBs, openclaw.json (which may contain API keys/passwords), ~/.ssh/config and system info and push them to whatever repo you configure. Before installing or enabling it: (1) ensure CLONE_LOBSTER_REPO_URL is set to a trusted, private repo and use a deploy key with minimal scope; (2) review and, if needed, edit the scripts to exclude sensitive files (or add filtering/encryption), for example by not backing up openclaw.json or by stripping secrets first; (3) prefer manual invocation until you have verified the behavior, and disable or limit the automatic triggers in SKILL.md; (4) add explicit registry metadata for the required env vars/credentials so users can see what will be used; (5) test in a safe environment (temporary account/repo) to confirm no unintended data is uploaded. If you cannot verify the destination repo and its access controls, do not enable autonomous backups.
