Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SPIRIT State Sync

v1.1.0

State Preservation & Identity Resurrection Infrastructure Tool (SPIRIT). Preserves AI agent identity, memory, and projects to a private Git repository. NEW:...

by Gopinath Nelluri (@gopinathnelluri)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill is described as a tool that preserves agent identity/memory to a private Git repo. Declaring 'spirit' and 'git' as required binaries is coherent with that purpose. However, the SKILL.md expects access to the OpenClaw workspace path (/root/.openclaw/workspace) and ~/.spirit for tracked config; the registry metadata declares no required config paths. That mismatch between metadata and instructions is a sign of sloppy or incomplete declaration and should be confirmed.
Instruction Scope
The runtime instructions are primarily limited to running 'spirit init/sync', configuring a git remote, and optionally adding cron/OpenClaw scheduled jobs. These actions align with the stated purpose (reading identity/memory files and pushing them to a Git repo). Points to note: SKILL.md references and may read ~/.spirit/.spirit-tracked and workspace files (sensitive agent data), and it tells users to set SPIRIT_SOURCE_DIR (an env var not declared in the registry). There are no unexpected remote endpoints beyond GitHub remotes the user is asked to configure.
Install Mechanism
Registry includes a Homebrew install (TheOrionAI/tap/spirit) which is a reasonable/package-managed mechanism. SKILL.md also suggests running a curl | bash installer from theorionai.github.io for restoration. Having both a brew formula and an ad-hoc install script recommended is inconsistent and increases risk: curl|bash from a GitHub Pages domain is better than a random server but is still higher-risk than a package manager. Confirm which install method you trust and inspect the install script before running it.
Credentials
The skill declares no required environment variables or credentials, which is plausible because it expects the user to configure their git remote/auth (SSH or CLI). But SKILL.md relies on SPIRIT_SOURCE_DIR and paths under /root/.openclaw/workspace — this env var is used at runtime but was not declared. Asking the user to configure git credentials (SSH keys, gh login) is necessary for the feature, but the metadata should have documented expected paths/envs. The lack of declared config paths (despite explicit workspace usage) is a discrepancy.
Persistence & Privilege
The skill is not force-enabled (always: false) and can be invoked by the agent (normal). However, SKILL.md documents cron-based scheduled syncs, an autobackup daemon, and explicit OpenClaw cron integration that can wake the main agent to run syncs — these features give the skill a persistent/automated presence and increase the effective blast radius because they will repeatedly read the workspace and push data to a remote repo. This is coherent with the purpose but worth considering as an elevated privilege.
What to consider before installing
This skill does what it says—it reads agent identity/memory files and syncs them to a Git repo—but check a few things before installing:
- Verify the origin of the 'spirit' binary: the registry recommends Homebrew (TheOrionAI/tap) but the docs also suggest running a curl | bash installer from theorionai.github.io. Inspect that install script and prefer package-managed installs if possible.
- Confirm you trust TheOrionAI tap/GitHub repo and audit the brew formula or install script source before running. Avoid piping unknown scripts to bash.
- Be aware that the tool will read your OpenClaw workspace and ~/.spirit files (sensitive identity/memory). The registry metadata did not declare these config paths—ensure you are comfortable with that access and that you point the tool only at intended directories.
- Use a private repository and SSH/gh auth as recommended; never embed tokens in URLs. Double-check your .spirit-tracked file before any sync.
- Scheduled syncs (cron, autobackup, OpenClaw cron wake) will repeatedly read and push workspace data. If you want a smaller blast radius, test in an isolated environment first and avoid enabling automated jobs until you’ve validated behavior.

If you want a higher-confidence assessment, provide the brew formula, the content of the theorionai.github.io/install.sh script, or the upstream GitHub repo for 'spirit' so those artifacts can be inspected for hidden behavior.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: spirit, git

Install

Install SPIRIT via Homebrew
Bins: spirit
