ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Restic Home Backup (Safe Apply Mode)

v1.0.0

Design, implement, and operate encrypted restic backups for Linux home directories with systemd automation, retention policies, and restore validation. Use w...

0· 659·0 current·0 all-time
by@moep90·duplicate of @moep90/restic-home-backup
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (restic home backup with systemd automation) match the included artifacts: SKILL.md describes intended inputs/outputs and safety boundaries, and scripts/bootstrap_restic_home.sh creates env, backup/prune/check scripts and systemd units as advertised.
Instruction Scope
SKILL.md and the bootstrap script stay within backup setup scope. The script is PLAN-ONLY by default and requires --apply to write to /etc, /usr/local/bin, and /etc/systemd/system, and it avoids printing secrets. Note: applying changes requires root privileges and the produced systemd units run without a User= line (will run as root); this is typical for full system backups but is a security decision the operator should review.
Install Mechanism
Instruction-only skill with a local bootstrap script; there is no network download/install step, no external package pulls, and no archives are extracted. Risk from install mechanism is low.
Credentials
The skill requests no external environment variables or credentials. It will create a local password file (/etc/restic-home/password) and an environment file (/etc/restic-home.env) to hold RESTIC_REPOSITORY and RESTIC_PASSWORD_FILE; these are proportional to the task. Operators should note the script may generate a password if none exists and will store it on-disk.
Persistence & Privilege
The skill does not request always:true and does not persist as a continuously running skill. If applied, it writes systemd timer/unit files and scripts into system locations (expected for a backup solution). This grants ongoing system behavior (scheduled backups) but that is coherent with the stated purpose.
Assessment
This skill appears to do what it says, but follow these precautions before applying changes: (1) Review scripts/bootstrap_restic_home.sh locally in plan-only mode (run without --apply) to confirm paths/schedules. (2) Ensure restic is installed at /usr/bin/restic (or edit scripts to your restic path). (3) Be aware applying (--apply) writes files under /etc and /usr/local/bin and installs systemd units which will run as root—confirm this matches your security policy. (4) If you intend to use a remote backend (S3/B2/sftp), plan how repository credentials will be provided (the script currently generates/stores a local password file but does not manage cloud credentials). (5) After apply, verify permissions on /etc/restic-home/* (should be 600) and perform the restore smoke test described in the ops checklist. (6) If unsure, run in plan-only mode and manually inspect generated artifacts before using --apply. If you want a more restrictive setup (non-root service user, SELinux/AppArmor constraints, or integration with your secret manager), request those explicit changes before applying.

Like a lobster shell, security has layers — review code before you run it.

latestvk970p5jb1c766rwa9dyx00ckts8168kf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments