ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Backup

v1.1.0

Encrypted backup and restore for OpenClaw agents. Creates two-tier archives: cloud-safe operational backups plus optional age-encrypted secrets for local rec...

0· 63·0 current·0 all-time
byDon Zurbrick@zurbrick
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts and docs implement an OpenClaw backup/verify/restore workflow (operational vs secrets archives, manifests, scheduled drills, GitHub push). That aligns with the name/description. However the registry metadata claims no required binaries or env vars while the scripts clearly require tar, python3, and often openclaw; optional flows require age and gh. The lack of declared runtime requirements in metadata is an inconsistency that could mislead operators.
Instruction Scope
SKILL.md stays on-topic and instructs running the provided scripts and using references. The scripts stage and copy $HOME/.openclaw content (workspace, openclaw.json, cron/jobs.json) and optionally secrets (.env, agents/) which is appropriate for a backup tool. The push-to-github.sh flow uses the user's gh CLI and authenticated account — expected but high-impact if misused. No instructions attempt to read unrelated system secrets or exfiltrate data to third-party endpoints beyond GitHub (via gh) and only with the user's authenticated gh CLI.
Install Mechanism
No install spec is present (instruction-only for installation), so nothing is automatically downloaded or written by an installer. The risk is limited to running the included scripts. No remote download URLs or archive extraction from untrusted hosts are present in the package.
!
Credentials
Metadata lists zero required env vars/credentials, but the runtime code references optional env vars (AGE_RECIPIENT, AGE_PASSPHRASE_FILE, AGE_IDENTITY_FILE, OPENCLAW_DIR, BACKUP_DIR, CRON_NAME, etc.). The scripts also depend on the user's gh authentication and the openclaw CLI. Requesting or using age and gh is proportionate to the described secrets encryption and GitHub push features, but the metadata not declaring these dependencies is misleading and increases the chance an operator will run scripts without realizing which credentials/tools are used.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It can create or replace OpenClaw cron entries (via openclaw cron create/delete) which is within the expected scope for scheduling backups but is an impactful operation — the scheduler behavior is documented in scripts. The skill does not modify other skills' configurations or system-wide agent settings beyond interacting with the user's OpenClaw cron API.
What to consider before installing
This package appears to be a genuine OpenClaw backup/restore toolkit, but note the following before installing or running it: - Metadata mismatch: The registry claims no required binaries or env vars, but the scripts require tar and python3; many flows also require the openclaw CLI. Optional features require age (for secrets) and gh (for pushing to GitHub). Ensure those tools are installed and you understand which flows use them. - GitHub push: push-to-github.sh uses your gh CLI and will create/push to a private repo under your authenticated GitHub account. Verify gh is authenticated to the account you intend and confirm the repo visibility and contents before pushing. - Sensitive data access: Operational backups include $HOME/.openclaw/workspace and other agent files (workspace, memory, skills). Secrets (.env, agents/) are opt-in but if you enable secrets, confirm they are encrypted with age and that you control the age keys/passphrase files. - Cron/scheduling: schedule.sh will create/replace an OpenClaw cron entry with the same name. This is expected for scheduled backups but is an impactful change — review the SYSTEM_EVENT text and cron parameters before enabling. - Verification: Run the scripts in no-op / dry-run modes first (verify.sh, restore.sh --dry-run, monthly-drill.sh) on a test host to confirm behavior and to inspect what gets copied into backup archives. Because the metadata understates runtime requirements, proceed cautiously: inspect the scripts locally, confirm your tooling (openclaw, gh, age, python3), and test on a non-production node before trusting automated or scheduled runs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cksgtbvx6swfeh20tztzpgn839xgn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments