Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Elegant Sync
v1.0.4 · An elegant and secure OpenClaw configuration sync tool - supports selective backup, .gitignore rules, and version control
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
Name/description match the implementation: the code copies ~/.openclaw/workspace and pushes a per-instance branch/tags to a remote git repo. However the registry metadata declares no required env or credentials while both SKILL.md and index.js expect a BACKUP_REPO and BACKUP_TOKEN stored in ~/.openclaw/.backup.env — this is an inconsistency that should have been declared.
Instruction Scope
SKILL.md and index.js read files under ~/.openclaw (workspace and a .backup.env config file). The tool constructs a repo URL that embeds the BACKUP_TOKEN and runs git init/commit/push (including --force). Although the docs say it won't upload .env/openclaw.json/credentials/, the code's default ignorePatterns do not include .env, openclaw.json or credentials/ — so unless the user's .gitignore contains those, sensitive files may be copied and pushed. The tool also force-pushes branches, which can overwrite remote history.
Install Mechanism
No install script or external downloads; this is an instruction-only skill with an included index.js. No arbitrary remote code is fetched during install.
Credentials
Requesting BACKUP_REPO and BACKUP_TOKEN is proportionate to backing up to a git host. But those credentials were not declared in the registry metadata. The implementation embeds BACKUP_TOKEN in the HTTPS URL used for git push which can leak the token via process listings, shell history, or remote URL storage. The code attempts to mask the token only in error messages, not in other exposures.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and runs only when invoked. It writes temporary staging under ~/.openclaw and a local backup directory, which is expected for a backup tool.
What to consider before installing
This skill appears to implement backup-to-git as advertised, but there are several practical risks you should consider before installing:
1) It expects a BACKUP_REPO and BACKUP_TOKEN saved in ~/.openclaw/.backup.env, but the registry metadata does not declare these — verify you are comfortable providing a git token.
2) The code embeds the token into the HTTPS push URL (https://TOKEN@...), which can leak via process lists, git remotes, or logs; prefer using a git credential helper or a deploy token with minimal scopes.
3) The README and SKILL.md claim sensitive files (.env, openclaw.json, credentials/) won't be uploaded, but the code's default ignore list does not include .env, openclaw.json, or credentials/ — unless your workspace .gitignore lists them they may be backed up. Inspect and/or add robust ignore rules before running.
4) The tool does a forced push (--force) to instance branches which can overwrite remote branches; ensure you push to a private backup repo and understand the effects.
5) If you proceed, create a dedicated private repo and a narrowly scoped token (remove repo access after testing), review the index.js source, add explicit ignore entries for all secrets, and run sync with --dry-run first.
If you want, I can suggest exact code fixes (add .env/openclaw.json/credentials to ignorePatterns, avoid embedding token in URL, use git credential helper, remove --force) or generate a safer wrapper that uses a credential helper and stricter excludes.
Like a lobster shell, security has layers — review code before you run it.
