ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

clawmerge

v3.0.8

OpenClaw workspace backup and restore tool with merge mode.

0· 198·1 current·1 all-time
by@sinoslug
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (workspace backup & merge) align with the scripts' functionality: creating archives, merging memories, exporting cron tasks and optionally restoring session history. HOWEVER the package metadata declares no required binaries or env vars even though the scripts expect tools like python3, tar, crontab, pip3 and optionally 'clawhub'. This mismatch is a mild incoherence (documentation/manifest omission) but could surprise users.
!
Instruction Scope
The runtime scripts read system crontab, scan common system directories (/home/*/scripts, /opt/scripts), open ~/.openclaw/openclaw.json (Gateway config), and can export/restore session records from ~/.openclaw/agents/main/sessions (conversation history). discover-scripts.py also enumerates local scripts and inspects their imports and referenced config files. These actions collect wide-ranging local data beyond just a simple file copy of a declared workspace and can include sensitive tokens and conversation history.
Install Mechanism
No external install/download steps are declared and the skill is instruction-plus-scripts bundled in the package (no third-party URL or extract). That lowers supply-chain risk compared with remote downloads.
!
Credentials
The skill declares no required environment variables or primary credential, but the scripts advise backing up/restoring full openclaw.json (which may contain gateway/cron configuration and tokens) and optionally restore conversation sessions. Requesting or touching these sensitive files is proportionate for a full workspace migration only if the user expects and consents — the metadata and SKILL.md do not highlight the sensitivity clearly.
Persistence & Privilege
The skill is not 'always:true' and does not request system-wide persistent privileges. It writes into the user's ~/.openclaw workspace and uses temporary dirs; it does not modify other skills' configs or enable itself automatically.
What to consider before installing
This skill contains fully working backup/restore scripts, but they perform broad local inspection and can include sensitive data. Before installing or running: 1) Review the included scripts (especially discover-scripts.py, one-click-backup.sh, one-click-restore.sh, and INSTALL-CONFIG-TOOLS.md) to confirm you consent to exporting: system crontab, ~/.openclaw/openclaw.json, and session folders (conversation history). 2) Note required tools that are not declared: python3, tar, crontab, pip3, and optionally 'clawhub' — ensure they're available and trusted. 3) Do not use --with-sessions (or restore session data) unless you are comfortable exporting/importing conversation history. 4) Inspect export-public-config.py (mentioned by the scripts) to verify it truly omits API keys/secrets before running automatic export. 5) Run in dry-run mode first to see what would be collected, and consider running the scripts in an isolated environment (VM or throwaway account) if you have sensitive data. 6) Backup any important config (especially openclaw.json) separately before restoring, and verify any restored cron/system changes before applying them.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c4fk90qyzy9vfqxxtfdgm0s83m8ra

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments