GitClaw
Warn
Audited by ClawScan on May 10, 2026.
Overview
GitClaw has a coherent backup purpose, but it tells the agent to quietly install system tools, use your GitHub account, and set up ongoing automatic pushes of your OpenClaw workspace.
Review carefully before installing. Only use this if you are comfortable with the agent installing system tools, configuring cron, authenticating to GitHub, and continuously pushing your OpenClaw workspace. Prefer a private dedicated repo, inspect the files and cron script first, add secret exclusions, and confirm every install and push step manually.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could begin setup or syncing with little notice instead of waiting for clear confirmation for each sensitive step.
The skill directs the agent to start using it as soon as it is installed or referenced and to suppress normal user communication, which removes the explicit user control that high-impact setup and backup actions need.
Use this skill automatically when it's installed or reference... Do everything automatically and quietly.
Require explicit user approval before first run, package installation, repo creation, cron setup, and any push; remove the automatic-and-quiet instruction.
Your local machine could have packages installed or changed using elevated privileges without a clear review step.
The skill instructs the agent to install packages with sudo automatically, using package-manager commands with their confirmation prompts disabled (`-y`, `--noconfirm`), instead of clearly requiring user approval before changing the system.
Ensure git is installed (auto-install; do not stop)... `sudo apt-get update && sudo apt-get install -y git`... `sudo pacman -S --noconfirm git`
Make prerequisites explicit, avoid automatic sudo installs, show commands before running them, and require user confirmation for any system package or service change.
The agent can act through your GitHub identity to create/connect repositories and push workspace content.
The skill uses the user's GitHub account and configures Git credentials for repository operations, but the provided metadata declares no primary credential and the visible instructions do not clearly bound account permissions or repo-only scope.
Ensure the user is authenticated in `gh` (agent runs the flow)... `gh auth login --hostname github.com --git-protocol https`... `gh auth setup-git`
Use a dedicated private repo or least-privilege GitHub account/token, declare the GitHub credential requirement, and require confirmation before any account mutation or push.
Agent memories, instructions, configuration, or secrets in the workspace could be copied to GitHub and reused or exposed outside the local environment.
The skill targets broad OpenClaw workspace files, including persistent agent files, for GitHub backup; the provided visible artifact does not show clear filtering, secret exclusion, or per-file review before sync.
Workspace dir (where you store SOUL.md, AGENTS.md, etc.): ... `WORKSPACE_DIR="$HOME/.openclaw/workspace"`
Review the workspace before syncing, use a private repository, add a strict .gitignore/secret scan, and require explicit approval for the initial file set.
Your workspace may keep being pushed to GitHub in the background, including future changes you did not separately review.
The skill is designed to create persistent background automation that continues committing and pushing after setup, with a default hourly schedule.
keep it synced via a cron-driven commit/push script... Backup frequency in minutes (default: 60)
Show the exact cron entry and script, require opt-in persistence, provide a clear disable/uninstall command, and avoid enabling recurring pushes by default.
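The two findings above ask for a secret scan before the first push and for a visible, opt-in, removable cron job. As an added example (not the GitClaw skill's own cron script, and not something ClawScan extracted from it), the POSIX shell below shows what that looks like in code: a scan of `WORKSPACE_DIR` that refuses to sync when token-shaped strings or denied file names are present, a function that renders the exact crontab line for the user to approve, a sync body that runs only when a hand-created opt-in marker exists, and an uninstall helper. The secret patterns, the deny list, the `.backup-opt-in` marker and the `BACKUP_SCRIPT` path are assumptions made for the example, not anything the skill defines.

```shell
#!/bin/sh
# Added example, not the GitClaw skill's own cron script. Assumed names:
# WORKSPACE_DIR (from the finding), the .backup-opt-in marker, BACKUP_SCRIPT,
# and the secret patterns / deny list below, which are illustrative only.
WORKSPACE_DIR="${WORKSPACE_DIR:-$HOME/.openclaw/workspace}"
BACKUP_SCRIPT="${BACKUP_SCRIPT:-$HOME/.local/bin/openclaw-backup.sh}"  # hypothetical path

# Token shapes that must never be pushed (GitHub tokens, AWS access key IDs,
# PEM private keys, generic sk- API keys). Extend per environment.
SECRET_PATTERNS='(ghp_|github_pat_|gho_)[A-Za-z0-9_]{20,}|AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|sk-[A-Za-z0-9]{20,}'

# path_denied REL: file names excluded by name regardless of content.
# Mirror this list in the repo's .gitignore so `git add -A` cannot pick them up.
path_denied() {
    case ${1##*/} in
        .env|*.pem|*.key|id_rsa*|credentials.json) return 0 ;;
    esac
    return 1
}

# scan_workspace DIR: print one line per problem ("DENY path" or
# "SECRET path:line:match"); prints nothing when the tree is clean.
scan_workspace() {
    dir=$1
    find "$dir" -path "$dir/.git" -prune -o -type f -print | while IFS= read -r f; do
        rel=${f#"$dir"/}
        if path_denied "$rel"; then
            printf 'DENY %s\n' "$rel"
        elif grep -E -n "$SECRET_PATTERNS" "$f" >/dev/null 2>&1; then
            grep -E -n "$SECRET_PATTERNS" "$f" | sed "s|^|SECRET $rel:|"
        fi
    done
}

# workspace_is_clean DIR: succeeds only when scan_workspace found nothing.
workspace_is_clean() {
    [ -z "$(scan_workspace "$1")" ]
}

# cron_entry MINUTES SCRIPT: the exact crontab line to show the user before
# anything is installed. Intervals of an hour or more use the hour field.
cron_entry() {
    mins=$1
    if [ "$mins" -ge 60 ]; then
        printf '0 */%d * * * %s\n' $((mins / 60)) "$2"
    else
        printf '*/%d * * * * %s\n' "$mins" "$2"
    fi
}

# guarded_sync DIR: the body the cron job runs. It refuses unless the user
# created the opt-in marker by hand and the scan is clean, and it never
# touches sudo or a package manager.
guarded_sync() {
    dir=$1
    if [ ! -f "$dir/.backup-opt-in" ]; then
        echo "backup disabled: create $dir/.backup-opt-in to enable it" >&2
        return 2
    fi
    if ! workspace_is_clean "$dir"; then
        echo "refusing to push, workspace contains secrets or denied files:" >&2
        scan_workspace "$dir" >&2
        return 1
    fi
    git -C "$dir" add -A
    git -C "$dir" diff --cached --quiet && return 0   # nothing new to commit
    git -C "$dir" commit -q -m "workspace backup $(date -u +%Y-%m-%dT%H:%M:%SZ)"
    git -C "$dir" push -q
}

# uninstall_cron SCRIPT: the one-line disable the finding asks for; removes
# only crontab lines that reference this script and leaves other jobs alone.
uninstall_cron() {
    crontab -l 2>/dev/null | grep -v -F "$1" | crontab -
}
```

Run `scan_workspace "$WORKSPACE_DIR"` by hand before the first push and `cron_entry 60 "$BACKUP_SCRIPT"` before touching the crontab; the deny list is a name filter and the regexes a shape filter, so neither replaces reading the initial file set once, which is the step the findings single out.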
