Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawRoam

v3.0.1

Portable identity vault for OpenClaw. Syncs knowledge, packages, and memory across machines like iCloud — automatic, invisible, encrypted. Bring your own sto...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (portable vault, sync of knowledge/packages/memory) matches what the scripts and server code implement. Required binaries listed in SKILL.md (curl, git, openssl, ssh-keygen, python3, rsync, tar, fswatch optional) are reasonable for the stated functionality and are used by the included bash scripts. The repo also contains a cloud backend implementation (Node/Cloudflare Worker), which aligns with the 'ClawRoam Cloud' managed provider mentioned in the docs.
Instruction Scope
Runtime instructions direct the agent to run local scripts (clawroam.sh, sync-engine.sh, migrate.sh, track-packages.sh) and to contact the declared cloud endpoint only when the 'cloud' provider is used. The skill will read OpenClaw workspace files (USER.md, MEMORY.md) when initializing — this is expected. There is an opt-in path for syncing sensitive things (credentials/ channel auth, openclaw config) and SKILL.md shows sensible defaults (config/soul/identity sync disabled). Verify you understand and control any opt-in steps, because those are the only paths that would transmit channel or credential material off-device.
Install Mechanism
No install spec is provided (instruction-only), so nothing is automatically downloaded or executed outside the included repository. The project contains source code and scripts that run directly. This is a lower-risk install model than an arbitrary remote download, but you must still inspect and trust the bundled scripts before running them.
Credentials
As packaged for clients, the skill requires no environment variables and does not request unrelated credentials. The cloud backend code (in cloud-api/ and cloud-api-worker/) does expect server-side env vars if you deploy it yourself (DATABASE_URL, STRIPE_SECRET_KEY, S3 or R2 credentials, etc.) — those are server-side deployment needs and do not imply the client will ask for or transmit your system credentials. That said, the skill supports an opt-in sync of 'credentials/' and 'openclaw config.json' (which can contain channel tokens); syncing those would transmit highly sensitive data (even if encrypted).
Persistence & Privilege
The skill does not request always:true and defaults are reasonable. Model invocation is not disabled (default), which is normal for skills. The scripts create a per-user vault at ~/.clawroam and an Ed25519 keypair stored locally; nothing in the package attempts to modify other skills or system-wide agent settings. Autonomous invocation plus network access means the skill could perform syncs automatically — but SKILL.md shows sensible defaults that avoid syncing private 'soul' and identity files unless explicitly opted in.
Assessment
What to check before installing or using ClawRoam:
- Verify origin and reputation: the package lists an unknown owner and has no homepage. If you don't already trust the publisher, audit the scripts before running them.
- Inspect key management: review src/keypair.sh and providers/cloud.sh to ensure your private key is never transmitted. The repo claims private keys remain local; confirm the implementation matches that claim.
- Review what you opt into syncing: by default SOUL.md and IDENTITY.md are not auto-synced, and 'openclaw config.json' / 'credentials/' are opt-in. Never enable those sync options unless you fully understand the consequences — they can contain channel tokens and other sensitive secrets.
- Consider cryptography details: the client side encrypts archives with AES-256-CBC before upload and the server verifies signatures. AES-CBC is not an authenticated encryption mode by itself; the protocol uses signed hashes to protect integrity, but you should review the key-derivation and signing code to ensure it meets your threat model.
- If you plan to use the managed cloud: examine the cloud endpoint (https://clawroam-api.ovisoftblue.workers.dev). If you prefer, self-hosting is supported — the repo contains cloud-api and a Cloudflare Worker implementation. Deploying your own backend avoids trusting a third-party endpoint.
- Check provider implementations: BYOS providers (gdrive, dropbox, s3, git, ftp, webdav) typically use rclone or OAuth tokens. Confirm where OAuth refresh tokens are stored (the README claims system keychain/libsecret) and that you are comfortable with that storage policy.
- Inspect automated behaviors: the sync engine auto-commits and auto-pushes changes. If you are concerned about unintended data leaving a device, keep the sync daemon off and use manual push/pull until you are confident in the configuration.
If you are not comfortable auditing the code yourself, consider using only the BYOS providers with local storage or self-hosting the cloud backend rather than using the unknown managed endpoint.

Like a lobster shell, security has layers — review code before you run it.
