Skillv1.0.0

ClawScan security

3-Tier Auto-Backup Daily Snapshots, Drive Mirror & Emergency Recovery · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 11, 2026, 3:00 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files and instructions are consistent with a local, Windows-focused 3-tier backup solution; nothing requested or installed is disproportionate to that purpose, but you should inspect any PowerShell script you create before scheduling it.
Guidance: This skill is instruction-only and appears to do what it says, but it requires you to create and run a PowerShell script yourself — do not schedule a script you haven't reviewed. Before enabling: (1) Inspect the full daily-backup.ps1 you create to confirm it only zips, copies, and deletes files according to retention rules you expect; watch for aggressive mirror or delete flags that could remove data. (2) Test backups and restores on noncritical data. (3) Place backups on a physically separate drive or network location to avoid single-drive failure. (4) emergency-chat.html talks only to localhost (Ollama); only use it if you run a local Ollama server and understand that your typed prompts are sent to that local service. (5) If you want automated scheduling, create the scheduled task with an account that has least privilege necessary. If you provide the actual daily-backup.ps1 for review, a more detailed check could raise or lower risk confidence.

Review Dimensions

Purpose & Capability: noteThe name/description (3-tier backup) matches the delivered artifacts (instructions for daily snapshots, drive mirroring, and an emergency HTML chat). Minor wording mismatch: the README/SKILL describe an "emergency conversation export," but emergency-chat.html explicitly states it will NOT contain prior conversation history — it only connects to a local Ollama instance for live chat.
Instruction Scope: noteSKILL.md stays within backup/restore scope and instructs creating a Windows scheduled task and a PowerShell script (daily-backup.ps1). The actual PowerShell script is not distributed; the user must create it. Verify the script's exact behavior (paths, retention/deletion logic, mirror sync options) before scheduling it, since those actions operate on user files and could delete or overwrite data if misconfigured.
Install Mechanism: okInstruction-only skill — no install steps, no downloaded code, no packages. This has a low installation risk because nothing is written or executed by the registry itself.
Credentials: okNo environment variables, credentials, or config paths are requested. The emergency HTML chat attempts to connect to a local Ollama service (http://127.0.0.1:11434) which is coherent with the stated purpose and does not contact external endpoints by default.
Persistence & Privilege: okSkill is not always-enabled and does not request persistent system privileges. It instructs the user to register a Windows scheduled task and to create a script in their workspace; these are normal for a backup task and are under the user's control.