Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Daily Backup
v1.3.1
This skill should be used when the user asks for daily backup, scheduled backup, restore, rollback, recovery, or routine protection of core OpenClaw workspac...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, scripts, and CLI usage align: the skill provides local backup/list/restore/validate for SOUL files. However, the repository includes an embedded backups/ directory with multiple timestamped and named backups (including AGENTS.md, IDENTITY.md, TOOLS.md, and openclaw.sanitized.json). Bundling real or example backups inside the skill is plausible as test data, but can be disproportionate because those files may contain sensitive agent personalities, configuration, or secrets. The presence of many delivery/commercial documents is noisy but not inherently inconsistent.
Instruction Scope
SKILL.md gives concrete local commands (node scripts/backup.mjs, list.mjs, restore.mjs, validate.mjs) and file paths; instructions operate on local workspace files and do not instruct the agent to read unrelated system state or external credentials. Some example commands use absolute example paths (/Users/m1/.openclaw/workspace-hunter) and a placeholder git clone <backup-repo-url>, which require care but are not malicious. The docs explicitly acknowledge that backups contain sensitive data.
Install Mechanism
There is no install spec — the skill is instruction/code-only and relies on Node.js built-ins (per CHANGELOG). No remote downloads or extract operations are declared in the registry metadata. This lowers supply-chain risk, but executing included scripts will write/read local disk.
Credentials
The skill declares no required environment variables or credentials, which matches expectations. However, running the scripts will read and write local workspace files (SOUL.md, USER.md, AGENTS.md, TOOLS.md, etc.), which can contain API keys and other secrets. The repository already contains example/test backups; verify that sensitive values are actually redacted (the changelog claims openclaw.json sanitization). Because the package bundles backup artifacts, there's a privacy/secret-exposure risk even though no credentials are requested at install time.
Persistence & Privilege
The skill does not demand always:true or elevated platform privileges. It operates on files in the workspace and creates backups under its own backups/ directory. It does not appear to modify other skills or global agent configuration. Normal caution about file writes applies.
What to consider before installing
This skill largely does what it claims (local backup/restore of SOUL files), but the package includes actual backup data (backups/...) and many delivery docs. Before installing or running scripts:
1) Inspect the included backups (backups/ and openclaw.sanitized.json) for any sensitive data or secrets — do not assume redaction is perfect.
2) Review scripts/scripts/*.mjs for any network calls or unexpected behavior (e.g., remote upload, telemetry) before executing.
3) Run operations initially in a sandbox or non-production copy of your workspace and use --dry-run where supported.
4) Remove or archive the bundled backups if you don't need them, and set restrictive permissions on created backup directories.
5) If you plan to publish or share this skill, avoid committing real workspace backups into the repo and verify sanitization of any sample data.
backups/2026-03-14T05-39-50/openclaw.sanitized.json:246
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
