Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawdbot Sync
v1.0.0
Synchronize memory, preferences, and skills between multiple Clawdbot instances. Supports bi-directional sync via SSH/rsync over Tailscale. Use when asked to sync with another Clawdbot, share memory between instances, or keep multiple agents in sync. Triggers: /sync, 'sync with mac', 'update other clawdbot', 'share this with my other bot'.
⭐ 1 · 2.3k · 3 current · 3 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
Medium confidence
Purpose & Capability
Name, description, required binaries (rsync, ssh, jq) and provided scripts align with a file-syncing skill. The ability to use Tailscale/SSH and rsync is coherent with the stated goal of syncing memory, preferences, and skills.
Instruction Scope
SKILL.md and the referenced docs instruct the agent to run SSH/rsync operations and to install Tailscale via curl|sh. The included script executes SSH commands on peers and runs rsync against remote paths. The doc claims 'No system files are ever synced', and the script does constrain SYNC_PATHS to workspace-relative paths, but the remote paths and SSH commands are taken from peer configuration and inserted into shell commands without robust sanitization or quoting. The script also disables SSH host key checking (StrictHostKeyChecking=no) for connection tests, which weakens authentication and exposes the connection to man-in-the-middle attacks. Overall the runtime instructions go beyond simple read-only queries: they execute remote operations that require the peers to be fully trusted.
Install Mechanism
No install spec; this is instruction-only plus an included handler script. Nothing is downloaded or executed at install time by the skill itself. The setup guide suggests running external installers (e.g., curl -fsSL https://tailscale.com/install.sh | sh), which is common but has its own risk and is invoked manually by the operator, not automatically by the skill.
Credentials
The skill requests no environment variables or registry-stored credentials, which is consistent for an SSH/rsync tool that relies on user-provisioned SSH keys. However, the skill assumes key-based SSH auth is configured but does not declare or protect any credentials. Because peer host/user/path are user-provided and later interpolated into shell/ssh commands, a malicious/compromised peer entry could be used to run unexpected commands or access unintended locations.
Persistence & Privilege
The manifest's always flag is false, and the skill does not request permanent platform-level privileges. It stores its peer/config/history under the provided workspace path only. Nothing in the manifest indicates modification of other skills or global agent settings.
What to consider before installing
This skill appears to do what it claims (rsync/SSH sync of a workspace), but it uses insecure defaults and sloppy shell handling that increase risk if you add untrusted peers. Before installing or using it:
- Review scripts/handler.sh yourself (or have an admin do so). Look for places where host/user/path variables are concatenated into ssh/rsync commands without proper quoting/escaping.
- Be cautious adding peers: only add hosts you fully trust. A malicious peer entry could cause remote command execution or unexpected writes.
- Note check_connection uses StrictHostKeyChecking=no (disables SSH host-key verification); consider changing that to require known_hosts to prevent man-in-the-middle attacks.
- The setup docs recommend running curl | sh to install Tailscale — only run that from a trusted environment and preferably inspect the install script first.
- Use the skill's dry-run/diff modes first to verify what would be transferred, and test with an isolated workspace.
If you want higher assurance, ask the author to: (1) remove StrictHostKeyChecking=no, (2) add robust quoting/validation of peer fields before using them in shell commands, and (3) avoid shell interpolation where possible (pass ssh/rsync arguments safely).
Like a lobster shell, security has layers — review code before you run it.
latest: vk9752bx48e69tj9mm67g8bz7gh7zy4f8
Runtime requirements
🔄 Clawdis
Bins: rsync, ssh, jq
