Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Restic Home Backup
v1.0.2
Design, implement, and operate encrypted restic backups for Linux home directories with systemd automation, retention policies, and restore validation. Use w...
by @moep90
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md workflow, ops checklist, and the bootstrap script all align: they implement restic-backed home-directory backups, systemd timers, retention/prune, and validation. The included script performs exactly the described tasks and enforces a plan-only default.
Instruction Scope
Instructions explicitly require user confirmation (or --apply) before writing to /etc, /usr/local/bin, or systemd, and the script enforces plan-only by default. The script does create credential and unit files, source /etc/restic-home.env, and may generate a password file under /etc/restic-home/password; these actions are expected for the stated purpose. Small caveat: SKILL.md promises 'Never print secrets' — the script prints the path to the generated password file but not the password itself, which matches the promise. Overall scope is appropriate.
Install Mechanism
This is an instruction-only skill with one included helper script; there is no automated installer or downloaded code from external URLs. Risk from install mechanism is low.
Credentials
The skill requests no environment variables or credentials in metadata, and it doesn't transmit secrets externally. The bootstrap generates and stores a password file and an /etc/restic-home.env file (both with chmod 600), which is appropriate. Minor mismatch: metadata does not list required binaries (restic, and optionally openssl), though the script checks for restic and uses openssl if available.
Persistence & Privilege
The script writes system files and creates/enables timers only when run with --apply; the skill is not always-enabled and does not request privileged persistent presence in the agent. This level of system access is expected and described in the SKILL.md.
Assessment
This skill appears to do what it says, but review and run it safely:
1) Read scripts/bootstrap_restic_home.sh yourself before running.
2) Run it in PLAN-ONLY mode first (no --apply) to inspect the proposed changes.
3) Ensure restic is installed and reachable at /usr/bin/restic (adjust script if restic is elsewhere).
4) Be prepared that the script will create /etc/restic-home.env and a password file at /etc/restic-home/password (chmod 600) — if you prefer an existing password file or secret manager, supply that path via --password-file.
5) Only run with --apply and enable timers when you accept the systemd/unit changes and understand where your repository (S3/SFTP/local) stores data and credentials.
6) If you need this on non-standard home paths (e.g., root), verify the script handles that or modify accordingly.
Like a lobster shell, security has layers — review code before you run it.
