Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawVault
v3.0.0
Portable identity vault for OpenClaw. Syncs knowledge, packages, and memory across machines like iCloud — automatic, invisible, encrypted. Bring your own sto...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (portable encrypted vault + optional managed cloud) matches the repository: local bash CLI, provider scripts (gdrive, dropbox, git, s3, ftp, webdav, local) and a Node.js 'ClawVault Cloud' API with billing/storage code. Including server code for an optional managed cloud is plausible (self-host or operator-run) and consistent with the advertised 'ClawVault Cloud' option.
Instruction Scope
The SKILL.md explicitly instructs the agent to run local shell scripts (clawvault.sh, sync-engine.sh, migrate.sh, track-packages.sh, keypair.sh). Those scripts read and write files under ~/.clawvault, import certain OpenClaw workspace files, scan installed packages, and may start an auto-sync daemon. The documented defaults exclude SOUL.md and IDENTITY.md and mark credentials as opt-in, which limits broad exfiltration. However, auto-sync is ON by default after setup, and the tool can read the user's OpenClaw workspace and package lists, so verify what will be synced before use and do not opt into syncing credential directories unless you trust the provider and encryption.
Install Mechanism
There is no external install spec; the skill is instruction + scripts. No remote downloads or archive extraction are invoked by a platform installer. Risk is limited to running the included shell scripts locally (they will create ~/.clawvault and may start processes), so audit scripts before running.
Credentials
The skill package itself declares no required env vars for client-side operation. The included Cloud API server code, however, expects server-side environment variables (DATABASE_URL, STRIPE_SECRET_KEY, STRIPE_PRICE_ID, optional S3 credentials, STORAGE_PATH), which is appropriate if you self-host or operate the managed service but are not required for local use. Provider setup will prompt for third-party storage credentials when you select BYOS (expected).
Persistence & Privilege
always is false. The skill writes a vault directory (~/.clawvault), generates a local Ed25519 keypair (private key stored with restrictive permissions) and can run a background sync engine/daemon. That level of persistence and local file access is expected for a syncing vault; it does not request elevated system privileges or alter other skill configurations.
Assessment
This skill is largely coherent with its stated purpose, but take these precautions before installing or running it:
1) Inspect the scripts (especially providers/* and sync-engine.sh) to confirm what paths will be read and which files will be uploaded.
2) Do not opt into syncing any 'credentials' or channel/token directories unless you understand how they are encrypted and you trust the storage endpoint.
3) If you plan to use 'ClawVault Cloud', know that the repository includes server-side code that expects DB/Stripe/S3 credentials — using the managed cloud means trusting whoever runs that service.
4) Run the tool first in a safe environment (VM/container) or with a test vault to observe behavior, and review the keypair handling (private key should remain local).
5) If you require a higher assurance level, consider self-hosting the cloud components and inspect the provider registration flows to ensure signing and registration are implemented as expected.
Like a lobster shell, security has layers — review code before you run it.
