Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Session Daily Backup - Obsidian

v1.0.0

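Automatically backs up OpenClaw sessions to Obsidian in the early morning every day, merging multiple sessions incrementally, with support for token monitoring and QQ warnings.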

by 小月月 @valuemoon2025
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The scripts read OpenClaw session JSONL files and write markdown snapshots to an Obsidian Vault—exactly what a session backup tool should do. Optional QQ notifications and token-count monitoring are coherent with the description.
Instruction Scope
Instructions and scripts operate on local session files and write markdown into the Vault and tracking directory. They do not attempt to transmit full session contents to external endpoints by default; only short warning messages may be sent via openclaw message or a user-provided QQ_BOT_URL. However, scripts reference absolute paths (e.g. /root/.openclaw, /root/clawd, /root/clawd/format_message_v2.jq.txt) which may be unexpected and require root access or path adjustments.
Install Mechanism
This is an instruction-only skill with no install spec. No remote downloads or package installs are performed by the skill bundle itself.
Credentials
The skill declares no required environment variables, which matches the registry metadata, but runtime scripts expect optional variables/values (e.g. QQ_BOT_URL, QQ_USER_ID) and may call 'openclaw' or curl if configured. README/SKILL.md list different QQ variable names (QQ_APPID/QQ_SECRET) than the scripts actually use—this mismatch should be fixed to avoid misconfiguration. The script’s defaults point at root-owned paths, which may require elevated file access.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges, but its defaults reference /root locations and will read session files under the OpenClaw directory. Granting it access to the session directory gives it full visibility into conversation history (which is expected for a backup tool) — be deliberate about which account runs the cron job and which directories are accessible.
Assessment
This skill appears to do what it says (local backups + optional QQ warnings) but take these precautions before installing:
- Inspect and adapt the config file: change SESSION_DIR, VAULT_DIR, and TRACKING_DIR to paths appropriate for your system and user (avoid running as root unless intentional).
- Fix variable/path mismatches: SKILL.md/README list QQ_APPID/QQ_SECRET, while scripts check QQ_BOT_URL and QQ_USER_ID and expect format_message_v2.jq under the tracking dir. Ensure format_message_v2.jq (or .txt) is placed where the scripts expect or update the script paths.
- Permissions: the scripts read session files (sensitive conversations). Only grant read access to the account that will run these scripts.
- External endpoints: if you configure QQ_BOT_URL, verify the URL is a trusted QQ API endpoint; the skill may POST short warning messages there. The scripts do not upload full session content to remote servers by default, but misconfiguring the send function could leak info—review and test send_qq_warning before enabling.
- Test manually: run scripts by hand from a safe test session directory to confirm outputs and behavior before adding to cron.

If you want, I can produce a corrected config template and a small checklist of edits to make the scripts safe for your environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cfd3mswxk1eprp3cnym7ybs83bf59
