Skill v1.0.3
ClawScan security
🦞 龙虾记忆备份同步技能 / Lobster Memory Backup & Sync · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 10:05 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (local memory files + Git backup/sync) and the requested credentials (SSH key + repo URL) are proportionate, but there are a few metadata mismatches and operational cautions you should be aware of before enabling it.
- Guidance: This skill is coherent for backing up local 'memory' files to a Git repo. Before installing:
  1. Fix the metadata mismatch (the registry should declare GIT_REMOTE and MEMORY_BACKUP_KEY if they are required).
  2. Create a dedicated, limited-permission SSH deploy key for backups and use that key path for MEMORY_BACKUP_KEY (do not reuse a general-purpose personal key).
  3. Review TRACKED_PATHS and .gitignore to ensure no secrets or sensitive files will be committed; consider adding stricter patterns if you store any credentials locally.
  4. Test scripts in a disposable workspace first (clone a test repo) to confirm behavior and outputs.
  5. Be cautious if you follow the docs' delete/cleanup rm commands — back up before removing files to avoid accidental data loss.
  6. If you plan to enable cron/automatic backups, verify the scan/filter rules you rely on (the sync script scans some sensitive patterns, but overall responsibility to avoid recording secrets rests with you).
Review Dimensions
- Purpose & Capability (note): The scripts and SKILL.md implement the declared features (writing memory files, channel sync, and Git backup). However, the registry metadata at the top of the package lists no required environment variables while SKILL.md explicitly documents GIT_REMOTE, MEMORY_BACKUP_KEY, and WORKDIR — an inconsistency between declared registry requirements and the runtime instructions that should be corrected.
- Instruction Scope (note): Runtime instructions tell the agent to extract conversation content and write it into workspace memory files, then run the provided scripts. That scope aligns with the skill's purpose. The docs also recommend checking/removing old files (rm commands shown in references), which is potentially destructive if run blindly — the shipped scripts do not automatically delete system files, but the references show manual delete steps that an operator could run; treat those operations as sensitive.
- Install Mechanism (ok): No install spec or external downloads are used. The skill is instruction-first and ships a pair of local shell scripts; there is no network installer or remote code fetch, which minimizes install-time risk.
- Credentials (note): The only sensitive requirement is an SSH key path and a Git remote URL (GIT_REMOTE and MEMORY_BACKUP_KEY), which are appropriate for pushing backups. That said, the package metadata omits these env vars while SKILL.md requires them — this mismatch should be resolved. The scripts rely on the user's HOME and workspace path and will run with the agent's privileges.
- Persistence & Privilege (ok): The skill does not request always:true and does not modify other skills. It suggests optional cron configuration for scheduled backups (operator action). Autonomous invocation is allowed (default), which is expected for skills; combine that with scheduled jobs or broad write access only after you confirm safe defaults.
