Git-Crypt Backup
v1.0.0Backup Clawdbot workspace and config to GitHub with git-crypt encryption. Use for daily automated backups or manual backup/restore operations.
⭐ 2· 3.1k·12 current·13 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the included SKILL.md and script: both perform git-based backups of ~/clawd and ~/.clawdbot and use git-crypt. Minor mismatch: the registry metadata lists no required binaries or credentials, but the instructions assume common tools (git, git-crypt, an SSH-capable git remote, and a package manager for installing git-crypt). This is an omission in the declared requirements but not evidence of malicious intent.
Instruction Scope
Runtime instructions operate only on the declared targets (workspace and config directories), the repo setup, and exporting git-crypt keys. They do not instruct reading or exfiltrating other system files or environment variables, nor do they phone home to unknown endpoints — pushes go to the user’s GitHub repo as configured.
Install Mechanism
This is an instruction-only skill with a small, local bash script. There is no install spec that downloads remote archives or executes arbitrary installers. The only install guidance is to use system package managers (brew/apt) to install git-crypt, which is a low-risk, expected instruction.
Credentials
No environment variables/credentials are declared, which is reasonable for a local backup script, but the instructions implicitly require Git access (SSH keys or other Git credentials) and a writable GitHub repo. The skill also instructs exporting git-crypt keys to ~/clawdbot-keys — storing these keys insecurely would expose backups. These implicit dependencies should be understood by the user before use.
Persistence & Privilege
The skill does not request elevated persistence (always:false) and does not modify other skills or global agent settings. The included script only runs when invoked or scheduled by the user (cron), so its privilege is limited to the invoking user's file permissions.
Assessment
This skill appears to do what it says: push the Clawdbot workspace and config to GitHub with git-crypt protecting selected files. Before installing or running it, consider the following:
- Pre-requisites: ensure git and git-crypt are installed, and that you have GitHub push access (SSH keys or other creds). The skill does not list these required binaries/credentials — set them up first.
- Review .gitattributes and .gitignore carefully: a misconfigured .gitattributes or an initial commit made before setting up encryption can leak secrets. Verify the repository locally (git status, git-crypt unlock/test) before pushing.
- Protect git-crypt keys: the instructions export keys to ~/clawdbot-keys; store these keys in a secure vault (hardware token, password manager) and do not leave them on disk in plaintext if you want confidentiality.
- First-run safety: on initial setup, inspect the working tree for accidental plaintext secrets and consider removing or encrypting them before the first push.
- Automation considerations: if you schedule the script (cron), ensure the scheduled environment has the same SSH keys and permissions, and that git-crypt keys are available in a secure manner.
If you want stronger assurance, ask the skill author to explicitly declare required binaries/credentials and to include checks in the script that verify git-crypt is initialized and that no unencrypted sensitive files are staged before pushing.Like a lobster shell, security has layers — review code before you run it.
latestvk971j07948br4f98d7wcs068wh7zzc9z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.