ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cron Backup

v0.3.2

Set up scheduled automated backups with version tracking and cleanup. Use when users need to (1) Schedule periodic backups of directories or files, (2) Monit...

1· 3.3k·31 current·35 all-time
by@zfanmy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided scripts: they create timestamped tar.gz archives, support version-triggered backups, set up cron entries, list backups, and remove old backups. No extraneous credentials, network endpoints, or unrelated binaries are requested. The scripts assume common POSIX utilities (tar, find, crontab, etc.), which is reasonable for this purpose.
Instruction Scope
SKILL.md stays within backup/setup/cleanup scope. A couple of implementation details to note: (1) backup-versioned.sh will treat the version source as a file, a command (command -v) or an arbitrary command string (eval). That means the script will execute whatever command string you pass as the version check — this is expected for the feature but you should only supply trusted commands. (2) setup-cron.sh's 'versioned' branch currently uses the same parameter for both source_dir and version_source (CMD="$SCRIPT_DIR/backup-versioned.sh $SOURCE_DIR $SOURCE_DIR $BACKUP_DIR") — this may be a minor usability bug (you typically want to provide a separate version file or command). Aside from those points, the instructions do not attempt to read unrelated system files or exfiltrate data.
Install Mechanism
Instruction-only skill with included shell scripts and no install spec. Nothing is downloaded or extracted from remote sources. That represents a low install risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Scripts write small local files (.backup.log, .version_record) inside the chosen backup directory — this is proportional to the stated function. There are no requests for unrelated secrets or external service tokens.
Persistence & Privilege
The setup script modifies the installing user's crontab (adds a persistent cron job) and appends logs to $BACKUP_DIR/.backup.log; this is expected for scheduled backups but is a persistent system change and requires the user's crontab permission. always:false (not force-included) and no cross-skill/system-wide config changes are present.
Assessment
This skill appears to do what it says: local backups, version checks, cron scheduling, and cleanup. Before installing: (1) review the scripts locally and run them on non-critical data; (2) when using versioned backups, provide a safe command or path (avoid passing untrusted strings to the version argument because the script may eval/execute it); (3) note setup-cron.sh will add a cron line to your crontab and write logs/version records into the chosen backup directory — ensure you point it at the correct directory and that filesystem permissions are appropriate; (4) consider storing backups on separate/external storage and encrypting sensitive data; (5) if you rely on a particular version-source behavior, test the 'versioned' workflow — setup-cron.sh currently passes the same parameter for source and version which may need adjustment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f1nhc8rw0phrf1e899ehz4n81cv3b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments