Warn
Audited by ClawScan on May 10, 2026.
Overview
This backup skill is purpose-aligned, but its code does not fully enforce its stated secret-file exclusions and can restore persistent agent configuration from GitHub.
Only use this skill with a private, dedicated GitHub repository and a fine-grained token. Before syncing, inspect what will be committed and add explicit exclusions for `.env`, `credentials`, and any sensitive workspace paths. Before restoring, review the backup repository contents and avoid restoring AGENTS.md, IDENTITY.md, or similar agent configuration files unless you intentionally trust them.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private workspace files, including configuration or credential-like files inside skills/scripts, could be uploaded to the configured GitHub repository.
The script copies broad workspace skill/script directories into the backup directory and then commits and pushes them to GitHub. The shown exclusion lists omit documented exclusions such as `.env` and `credentials`, so sensitive local files under those copied trees could be pushed if not caught by the regex scanner.
rsync -a ... "$WORKSPACE/skills/" "$BACKUP_DIR/skills/" ... git add -A ... git push -u origin "$BRANCH"
Before running, add explicit `.env`, `credentials`, and other sensitive-path exclusions to the copy commands, review the repository visibility, and run the backup only after inspecting the staged files.
Users may trust the backup as safer than it is and unintentionally back up sensitive files to GitHub.
The documentation makes strong safety claims about excluding credentials and all API keys, but the provided sync script does not explicitly exclude all of those paths and relies on regex detection that cannot guarantee 'any format'.
These files are **explicitly excluded** ... Any file in `credentials/`, `.env`, `node_modules/` ... ❌ API keys and tokens (any format)
Treat the stated secret-exclusion guarantees as incomplete until the script’s actual copy rules and scanner are tightened and tested against the exact workspace layout.
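One way to close the gap described in the two findings above (the copy rules omit the documented exclusions, and the regex scanner is the only safety net), as an added example that is neither the audited skill's code nor ClawScan's: a guard that runs after the copy step and before `git add -A`, next to a copy rule with the exclusions made explicit. The pattern list, the constructed workspace layout, and the use of tar in place of rsync are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not code from the audited skill: a guard for the gap between
# the sync script's copy step and its `git add -A`. It refuses to stage the
# paths SKILL.md documents as excluded. Pattern list and layout are assumptions.
set -u

# Documented exclusions the sync script does not enforce: .env, .env.*, and
# anything under a credentials/ or node_modules/ directory, at any depth.
SENSITIVE_RE='(^|/)(\.env(\..+)?|credentials/.*|node_modules/.*)$'

# Print the files under $1 (as relative paths) that match SENSITIVE_RE.
# Exit status 0 means the tree is clean; 1 means the push must be aborted.
find_sensitive_paths() {
  local dir="$1" hits
  [ -d "$dir" ] || return 2
  hits=$(cd "$dir" && find . -type f | sed 's#^\./##' | grep -E "$SENSITIVE_RE" || true)
  [ -n "$hits" ] && printf '%s\n' "$hits"
  [ -z "$hits" ]
}

# The copy rule the skill should have used: exclusions stated explicitly.
# tar replaces rsync here only so the example has no extra dependency.
copy_with_exclusions() {
  local src="$1" dst="$2"
  mkdir -p "$dst"
  tar -C "$src" --exclude='.env' --exclude='.env.*' --exclude='credentials' \
      --exclude='node_modules' -cf - . | tar -C "$dst" -xf -
}

# Constructed workspace mixing harmless files with the kinds of files the
# findings warn about. Prints the path; the caller removes it afterwards.
make_sample_workspace() {
  local ws
  ws=$(mktemp -d)
  mkdir -p "$ws/skills/weather/credentials" "$ws/scripts"
  echo 'echo hi' > "$ws/scripts/hello.sh"
  echo 'name: weather' > "$ws/skills/weather/SKILL.md"
  echo 'API_KEY=placeholder' > "$ws/skills/weather/.env"
  echo '{"token":"placeholder"}' > "$ws/skills/weather/credentials/token.json"
  printf '%s\n' "$ws"
}

# Stand-alone run: copy with exclusions, then refuse to continue if anything
# sensitive still reached the backup directory.
if [ "${DEMO:-0}" = 1 ]; then
  ws=$(make_sample_workspace); bk=$(mktemp -d)
  echo "sensitive files in workspace:"; find_sensitive_paths "$ws" || true
  copy_with_exclusions "$ws" "$bk"
  find_sensitive_paths "$bk" && echo "backup dir clean, safe to git add"
  rm -rf "$ws" "$bk"
fi
```

Run with `DEMO=1` to see the guard flag the constructed `.env` and `credentials/token.json` before the copy and report a clean tree afterwards.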
If the backup repository contains altered agent configuration files, restoring can introduce persistent instructions or identity changes that affect future agent behavior.
The restore script can copy persistent agent configuration and identity files from the GitHub backup into the workspace, even though the documentation describes these files as personal/workspace-specific and not meant to be backed up.
for file in AGENTS.md SOUL.md USER.md TOOLS.md IDENTITY.md HEARTBEAT.md; do
    if [[ -f "$TEMP_DIR/$file" ]]; then
        cp -n "$TEMP_DIR/$file" "$WORKSPACE/"
    fi
done
Do not restore agent identity/configuration files automatically; require explicit file-by-file user approval and verify the repository contents before restoring.
The token can modify the configured backup repository, so an over-scoped token would increase the blast radius if misused.
A GitHub token with write access is expected for a GitHub backup/restore tool, and the documentation recommends least-privilege scoping.
export GITHUB_TOKEN="ghp_xxxx" ... Recommended: Fine-Grained PAT ... Repository access: Only `$BACKUP_REPO` ... Permissions: Contents: Write
Use a fine-grained GitHub token limited to only the intended backup repository with Contents: Write permission.
Users have fewer external signals for verifying where the scripts came from or whether they match an upstream project.
The package includes runnable shell scripts but no upstream source or homepage for provenance checking.
Source: unknown
Homepage: none
No install spec — this is an instruction-only skill.
Code file presence: restore.sh, sync.sh
Review the included scripts directly and prefer a version with a verifiable source repository or signed release history.
