Clawdbot Skill Update
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can read the backup may be able to recover Clawdbot credentials or provider tokens.
The skill explicitly backs up local Clawdbot credentials and auth tokens. This is expected for a full rollback workflow, but the resulting backup is sensitive.
Credentials and auth tokens ... Backs up: ~/.clawdbot/credentials/ (auth tokens)
Store backups in a private location, check file permissions, do not share backup archives, and remove old backups when no longer needed.
Restoring an old or tampered backup could reintroduce stale, sensitive, or unwanted agent state and workspace contents.
The backup preserves sessions, agent state, and full configured workspaces, which may contain persistent agent context and private user data.
tar -czf "$BACKUP_DIR/sessions.tar.gz" -C ~/.clawdbot sessions/ ... tar -czf "$BACKUP_DIR/agents.tar.gz" -C ~/.clawdbot agents/ ... tar -czf "$BACKUP_DIR/workspace-${SAFE_NAME}.tar.gz" -C "$workspace" .Restore only backups you trust, review configured workspace paths before backup/restore, and consider excluding or separately protecting highly sensitive workspace files.
Running restore against the wrong or untrusted backup can replace current configuration, sessions, credentials, cron state, and workspace files.
The restore script intentionally overwrites Clawdbot configuration and replaces local state directories and workspace contents. It warns the user first, so this is disclosed, but it is still high-impact.
WARNING: This will overwrite current configuration and workspaces ... rm -rf ~/.clawdbot/sessions ... tar -xzf "$BACKUP_FILE" -C "$workspace"
Run restore only after making a fresh safety backup, verify the backup directory and workspace paths, and require explicit user approval before an agent runs it.
If the upstream repository or dependencies are compromised, the update process could install unsafe code.
The documented update flow pulls upstream code and installs/builds dependencies. This is expected for updating Clawdbot, but it depends on the trustworthiness of the repository and package dependencies.
git pull --rebase origin main pnpm install pnpm build
Verify the repository and branch, review release notes or commits for major updates, and consider pinning known-good versions for production systems.