Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawdog Backup
v1.0.1狗蛋备份恢复技能。备份 OpenClaw 核心文件(SOUL.md, AGENTS.md, IDENTITY.md, USER.md, TOOLS.md)和记忆层(memory/)到 OneDrive,支持实时监控备份和定时备份,可从云端恢复。
⭐ 0· 590·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Skill name/description, SKILL.md, and the included scripts all align: they monitor OpenClaw core files and back up the memory directory to a OneDrive remote. However, the registry metadata declares no required binaries while the SKILL.md and scripts explicitly depend on rclone, inotifywait (inotify-tools) and tar — this mismatch is inconsistent and should be corrected.
Instruction Scope
Runtime instructions and scripts operate on the intended paths (workspace files and memory/) and only send data to the configured OneDrive remote via rclone. No instructions ask the agent to read unrelated system credentials or exfiltrate data to unexpected endpoints. Notes: scripts use absolute paths under /root/.openclaw, assume a remote named 'OneDrive' is configured, and instruct starting a background inotify process (nohup).
Install Mechanism
No install spec is present (instruction-only), and the included scripts run locally without downloading code from external/unknown URLs. This is lower risk than a networked installer. The skill will still write logs and temporary archives under /root/.openclaw/backup when run.
Credentials
The skill declares no required env vars/credentials, which is reasonable because it relies on rclone's existing config for OneDrive. However, rclone's configuration contains access tokens/credentials — the SKILL.md assumes the user has a configured OneDrive remote named 'OneDrive' but the skill does not explicitly document or request that configuration. Also the backups include sensitive core files (IDENTITY.md, USER.md, etc.), so requiring a cloud remote without recommending encryption or access controls is an operational/privacy concern.
Persistence & Privilege
always is false and the skill does not request to auto-enable itself system-wide. The scripts are intended to be started manually (nohup) or scheduled; nothing in the package attempts to modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it claims, but review and configure it carefully before use:
- Verify rclone is installed and you have a OneDrive remote named exactly 'OneDrive' (or edit the scripts/ONEDRIVE variable). The registry metadata failing to declare these binaries is an inconsistency — don't assume they exist.
- Because the backups contain sensitive core files (IDENTITY.md, USER.md, etc.), use rclone's crypt remote or other encryption to protect backups in OneDrive and ensure the OneDrive account is secured (strong auth, MFA).
- The scripts use hard-coded paths under /root/.openclaw. Run them as the intended user or update the paths to your environment to avoid accidental writes as root.
- The restore script has fairly permissive copy logic (cp -n, cp -rn) and extracts archives to a temporary dir; run --dry-run first and inspect the contents before permitting restores. Consider testing restore on an isolated environment.
- Consider running the monitor as a managed service (systemd) instead of nohup so it restarts reliably and runs under a non-root user with least privilege.
- If you need the registry to reflect the skill accurately, ask the publisher to add declared required binaries (rclone, inotify-tools, tar) to the metadata and to document OneDrive setup requirements.
If you want, I can point out exact lines to change (paths, ONEDRIVE name), suggest a minimal systemd unit, or show how to enable rclone crypt before enabling automatic backups.Like a lobster shell, security has layers — review code before you run it.
latestvk97247t51xct0mbx8tz5t1jrx981en4t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.