Dotfiles
v2.0.1Backup, sync, and version-track dotfiles across multiple machines. Use when syncing configs, backing up settings, restoring on new machines.
⭐ 0· 206·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The SKILL.md and the included scripts implement a local logging/backup/monitoring tool that stores per-command logs under ~/.local/share/dotfiles. Nothing in the code requires cloud credentials, unrelated binaries, or other system-wide access beyond standard filesystem and POSIX utilities — consistent with the described purpose.
Instruction Scope
Runtime instructions and the script are scoped to local logging, search, export, and status operations. There is no network I/O or access to other system configuration paths. However, the tool appends arbitrary user input directly into log files and uses simple printf/echo to produce JSON exports without escaping values; this can produce malformed or unsafe exports if logs contain quotes/newlines or sensitive data. Also some minor shell-pipeline behaviour (e.g., counting matches in a piped while loop) is a quality issue but not a security breach by itself.
Install Mechanism
No install spec or remote downloads are present; the skill is instruction-only with a single local shell script. Nothing is fetched from external URLs at install time, minimizing supply-chain risk.
Credentials
The skill requests no environment variables, no credentials, and only uses standard POSIX utilities. This is proportionate to its function.
Persistence & Privilege
The skill is not force-enabled (always: false) and is user-invocable. It does not modify other skills or system-wide agent settings. Its only persistent state is local files under ~/.local/share/dotfiles, which is appropriate for a logging/backup tool.
Assessment
This skill appears to do what it says and has no network or credential requests. Things to consider before installing: 1) All data is stored under ~/.local/share/dotfiles — inspect or back up that directory if you care about privacy. 2) The tool will happily record arbitrary text you pass to it; do not log passwords, API keys, or other secrets into these logs. 3) The JSON export simply injects raw values into JSON (no escaping), so exported files can be malformed or leak structure-sensitive content if logs contain quotes/newlines — review exports before sharing. 4) If you want extra safety, review the script locally and/or run it in a restricted account/container. 5) Note a minor metadata/version mismatch in SKILL.md vs registry (cosmetic). Overall the skill is coherent and self-contained; use caution around what you log and export.Like a lobster shell, security has layers — review code before you run it.
latestvk97ad6rn54b9kwwrn5371tm9kd83542e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.