ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawRoam

v2.1.1

Portable identity vault for OpenClaw. Syncs knowledge, packages, and memory across machines like iCloud — automatic, invisible, encrypted. Bring your own sto...

0· 517·0 current·0 all-time
by@getlighty
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description promise: a portable encrypted vault that can use BYOS or a managed ClawRoam Cloud. The repository contains matching client-side bash scripts (sync engine, providers, keypair management) so client behavior aligns. However, registry metadata lists no required environment variables while the included cloud backend code (cloud-api/ and cloud-api-worker/) expects server-side secrets (DATABASE_URL, STRIPE_SECRET_KEY, S3_* envs, etc.). The skill bundle therefore mixes a client-only runtime with a deployable backend without declaring those server-side credentials — an inconsistency that makes intent and deployment responsibilities unclear.
!
Instruction Scope
SKILL.md instructs the agent (via exec/file tools) to run many local scripts that: scan package managers, read/copy files from detected OpenClaw workspace, generate/rotate Ed25519 keypairs, initialize a local git repo, watch and auto-commit local files, and invoke provider scripts that perform OAuth flows or upload/download archives. These actions legitimately belong to a sync vault, but they also grant the skill access to a broad set of user files (USER.md, MEMORY.md, packages lists, openclaw dir) and can push compressed archives to remote providers. The README/CLAUDE.md also point to a specific live Cloudflare Workers domain (clawroam-api.ovisoftblue.workers.dev) — a hard-coded external endpoint not highlighted as a required/third-party endpoint in the skill metadata.
Install Mechanism
There is no installer that downloads arbitrary remote code; the skill is instruction-first and ships local bash scripts and optional Node.js backend sources. Client-side scripts are pure bash (no remote downloads by default). The cloud backend is Node/Cloudflare code included in the repository (requires npm/wrangler to deploy) — that is fine as source, but deploying it requires server secrets (not declared). No suspicious external download URLs or extract steps are present in the skill metadata.
!
Credentials
Registry metadata declared no required env vars, but the included cloud backend and storage layer clearly expect many environment values (DATABASE_URL, STRIPE_SECRET_KEY, STRIPE_PRICE_ID, S3_ENDPOINT/ACCESS_KEY/SECRET_KEY/Bucket, STORAGE_PATH, PORT, etc.). Provider scripts likely require credentials for rclone/remote providers or S3, and the skill's runtime will prompt for OAuth or credentials if you select a provider. The lack of declared environment requirements is therefore misleading and undercounts sensitive configuration that may be supplied or stored when using the managed cloud or deploying the backend.
Persistence & Privilege
The skill is not force-installed (always:false) and can be invoked by the user. It creates persistent data in ~/.clawroam, generates/stores an Ed25519 private key locally (permissions claimed 600), and can run an auto-sync daemon (on by default after setup). Continuous background sync is expected for a vault but increases blast radius if a remote provider is untrusted or misconfigured. The skill does not request to modify other skills or system-wide agent settings in the code reviewed.
What to consider before installing
What to consider before installing or using ClawRoam: - Trust the managed cloud operator: the repository references a specific Cloudflare Workers domain for ClawRoam Cloud. If you choose the managed option, your vault archives (potentially sensitive data) will be uploaded to that remote service. Only use the managed cloud if you trust that operator and understand their privacy/billing terms. - BYOS is safer if you want control: you can avoid the managed cloud by configuring Google Drive/Dropbox/S3/Git/Local providers. Review the provider scripts (providers/*.sh) to confirm how credentials/OAuth tokens are stored (they claim to use the system keychain, but verify). - Metadata omission: the package registry entry declares no environment variables, but the included backend code expects DB, Stripe, and S3 credentials if deployed. If you plan to deploy the backend yourself, you must supply those secrets and understand their responsibilities. - Inspect what will be read/pushed: client scripts will read your OpenClaw workspace and various files under your home directory and will auto-commit and push changes by default after setup. Make sure sensitive files you do not want synchronized are placed under the 'local/' paths (SOUL.md, IDENTITY.md) or excluded in config before enabling auto-sync. - Verify cryptography semantics: the design claims the private key never leaves the machine and pushes are signed; inspect keypair.sh and provider scripts to confirm the private key is never transmitted and signatures are performed locally. - Start cautiously: initialize locally first (do not run cloud signup), inspect generated ~/.clawroam contents and provider config, and test push/pull with BYOS or a disposable remote before committing real data to any managed service. If you want, I can point to the specific lines in the provider/cloud scripts and keypair code that implement uploads, signatures, and where environment variables are read so you can review them in detail.

Like a lobster shell, security has layers — review code before you run it.

latestvk970fpcmz450ndj89jvbmtgd0d81r29h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments