Publish

The OpenClaw AgentSkills bundle 'publish' is classified as benign. The skill's purpose is to securely backup and restore an OpenClaw workspace to a user-specified GitHub repository. Both the `SKILL.md` documentation and the `sync.sh` and `restore.sh` scripts demonstrate a strong focus on security, including comprehensive secret scanning (using a robust regex pattern) across the entire backup directory before any git operations, explicit exclusion lists for sensitive files (e.g., `SITES.md`, `MEMORY.md`, `.env`, `credentials`), and secure handling of GitHub tokens via `gh auth` or `git credential helper`. The `SKILL.md` also provides clear instructions and even security audit tests, indicating transparency rather than malicious intent or prompt injection attempts. There is no evidence of data exfiltration to unauthorized endpoints, persistence mechanisms, or other malicious behaviors.