Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Complete Backup Delete Fresh Install Restore Cycle

v2.2.1

The definitive, self-improving, community-wisdom-infused backup/restore skill. British dry humour + canine wisdom. Tested in production. Evolving with every...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description claim a full backup/delete/install/restore cycle and the SKILL.md contains step-by-step shell commands to back up OpenClaw data, delete, reinstall, and restore. Requested privileges (root/sudo) and referenced paths (~/.openclaw, /usr/local/bin) are consistent with that purpose.
Instruction Scope
Instructions explicitly read and copy sensitive files (credentials, API keys, agent identities, Telegram/channel configs) from user dirs into a backup folder (e.g., /root/BACKUPS). That's expected for a full backup/restore skill, but the SKILL.md as shown does not recommend encrypting backups, controlling permissions, or safely transporting/storing them — an important omission for any workflow that collects secrets.
Install Mechanism
This is an instruction-only skill with no install spec and no code files; nothing is written to disk by the skill package itself, which reduces supply-chain risk. The SKILL.md does reference 'openclaw-backup' and 'openclaw-restore' helper scripts but does not include an installer for them.
Credentials
The skill requires root/sudo access in its prerequisites, which is proportional for a destructive fresh-install workflow. However, it asks the operator to copy credentials and other secrets into an unencrypted backup location under /root without advising encryption, least privilege, or secure transport — this is sensitive and should be justified and hardened before execution.
Persistence & Privilege
The skill does not request always:true or other elevated platform persistence, nor does it include install-time scripts modifying other skills. It is user-invocable and may be invoked autonomously per platform defaults, which is expected behavior.
What to consider before installing
This skill is coherent for a full destructive backup-and-restore workflow, but it handles secrets and requires root — treat it as high-risk until you review and harden it. Before using:
(1) Read the entire SKILL.md and any helper scripts (openclaw-backup / openclaw-restore) to ensure there is no network exfiltration or unexpected commands.
(2) Do not run blindly as root; test in an isolated sandbox or VM first.
(3) Do not store raw backups containing credentials in plain /root/BACKUPS — encrypt backups (gpg or similar), set strict file permissions, and consider off-host secure storage.
(4) Verify backup integrity before any delete step.
(5) If you plan to allow automated or unattended runs, implement explicit safeguards (confirmation prompts, dry-run mode, and logs).
If you want higher assurance, ask the author for an explicit threat model and a version of the workflow that encrypts and verifies sensitive data before and after movement.

Like a lobster shell, security has layers — review code before you run it.

latestvk976bjqy87ea2nq0y00vbnxd7n84r30z
