Skill v1.0.0

ClawScan security

agent-backup-transfer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 9, 2026, 9:55 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions are consistent with a local backup/restore utility for an OpenClaw agent; it does not attempt network access or demand unrelated credentials, but backups will contain sensitive agent identity/config files so handle them securely.
Guidance
This skill appears to do exactly what it says: create, list, restore, and optionally hook automatic backups of your OpenClaw workspace and config. Before installing or using it, consider the following:

- Backups include identity and config files (e.g., .openclaw/openclaw.json, identity, agents) which may contain keys or tokens. Treat backup tar.gz files as sensitive secrets.
- When moving backups between machines, use secure transfer channels (encrypted cloud storage, SFTP, or an encrypted USB drive). Avoid sending raw backups over email, instant messaging, or other unencrypted/third-party channels unless you encrypt them first.
- The restore action extracts into $HOME and can overwrite files. Verify the archive contents (e.g., tar -tzf <file>) before restoring and keep backups of any files you might need to preserve.
- The auto-hook expects the backup script to be located at ~/.openclaw/workspace/skills/openclaw-backup/openclaw-backup.sh; if your skills are stored elsewhere the hook may not find it. Review the created hook script before enabling automated runs or adding it to cron.
- As a precaution, inspect the included openclaw-backup.sh yourself (it is provided) and consider encrypting stored backups (e.g., use gpg) if you need to store them long-term or on third-party services.

Review Dimensions

Purpose & Capability
ok: The name/description match the provided script and SKILL.md. The script backs up ~/.openclaw/workspace and relevant config files (.openclaw/openclaw.json, identity, agents) and provides create/list/restore/setup-auto commands as advertised.
Instruction Scope
note: Instructions stay within the stated purpose (creating/restoring backups and installing a hook). The restore command extracts the archive into $HOME and will overwrite files; the script prompts for confirmation before restoring. The SKILL.md recommends transferring backups via arbitrary channels (email, Discord, cloud); this is flagged as a user guidance point because backups include sensitive data.
Install Mechanism
ok: No install spec; this is an instruction-only skill with an included bash script. Nothing is downloaded from external URLs or written outside the user's home directory by the script itself.
Credentials
note: The skill requests no environment variables or external credentials (proportionate). However, backups intentionally include identity/config files which likely contain sensitive tokens/keys; that is expected for a full agent backup but requires the user to protect the generated tar.gz files appropriately.
Persistence & Privilege
ok: always is false and the script does not request elevated or system-wide privileges. The setup-auto command creates a hook under ~/.openclaw/workspace/.hooks which is limited to the user's home and does not alter other skills or global agent settings.