Claw Time Machine

This skill appears to implement the advertised backup/restore/migrate functionality, but take these precautions before installing or using it: - Review the full scripts yourself. The package includes scripts/ctm.sh — inspect it end-to-end to confirm there is no hidden network exfiltration or unexpected commands. The manifest you were shown is truncated in the copy you received; request the complete file if unsure. - Understand what will be backed up: credentials/, telegram/, identity/ contain sensitive secrets. Backups include those by design; do not migrate them to untrusted hosts. - Migration uses scp and runs a restore script over ssh on the target host. Only migrate to machines you control or fully trust and ensure your SSH keys are protected. The skill does not perform remote authentication hardening. - The package metadata omits required binaries (tar, ssh, scp, cp, mktemp, du, stat, find, sort). Expect the script to fail if those tools are missing; this metadata mismatch is sloppy and reduces transparency. - Test in a disposable environment first: run backup and restore locally with --dry-run or on a throwaway VM to ensure behavior matches expectations and safety backups are created. - If you need higher assurance, ask the publisher for: (1) a full, untruncated copy of scripts/ctm.sh; (2) an explicit statement about what files inside credentials/ and identity/ are copied; (3) a signed release or source repo so you can audit history. Given the metadata inconsistencies and the sensitive nature of data being handled, proceed only after you review the script and confirm you trust the target host(s).