Skill v1.3.1

ClawScan security

OpenClaw Daily Backup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 14, 2026, 6:25 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement the described backup/restore functionality, but the bundle includes real workspace backup files and lots of provenance/marketing docs — this increases privacy risk and is unexpected for a simple skill package.
Guidance
This skill largely does what it claims (local backup/restore of SOUL files), but the package includes actual backup data (backups/...) and many delivery docs. Before installing or running scripts:
1) Inspect the included backups (backups/ and openclaw.sanitized.json) for any sensitive data or secrets; do not assume redaction is perfect.
2) Review scripts/scripts/*.mjs for any network calls or unexpected behavior (e.g., remote upload, telemetry) before executing.
3) Run operations initially in a sandbox or non-production copy of your workspace and use --dry-run where supported.
4) Remove or archive the bundled backups if you don't need them, and set restrictive permissions on created backup directories.
5) If you plan to publish or share this skill, avoid committing real workspace backups into the repo and verify sanitization of any sample data.

Review Dimensions

Purpose & Capability [note]
Name/description, scripts, and CLI usage align: the skill provides local backup/list/restore/validate for SOUL files. However, the repository includes an embedded backups/ directory with multiple timestamped and named backups (including AGENTS.md, IDENTITY.md, TOOLS.md, and openclaw.sanitized.json). Bundling real or example backups inside the skill is plausible as test data, but can be disproportionate because those files may contain sensitive agent personalities, configuration, or secrets. The presence of many delivery/commercial documents is noisy but not inherently inconsistent.
Instruction Scope [ok]
SKILL.md gives concrete local commands (node scripts/backup.mjs, list.mjs, restore.mjs, validate.mjs) and file paths; instructions operate on local workspace files and do not instruct the agent to read unrelated system state or external credentials. Some example commands use absolute example paths (/Users/m1/.openclaw/workspace-hunter) and a placeholder git clone <backup-repo-url>, which require care but are not malicious. The docs explicitly acknowledge that backups contain sensitive data.
Install Mechanism [ok]
There is no install spec: the skill is instruction/code-only and relies on Node.js built-ins (per CHANGELOG). No remote downloads or extract operations are declared in the registry metadata. This lowers supply-chain risk, but executing the included scripts will read and write local disk.
Credentials [note]
The skill declares no required environment variables or credentials, which matches expectations. However, running the scripts will read and write local workspace files (SOUL.md, USER.md, AGENTS.md, TOOLS.md, etc.), which can contain API keys and other secrets. The repository already contains example/test backups; verify that sensitive values are actually redacted (the changelog claims openclaw.json sanitization). Because the package bundles backup artifacts, there is a privacy/secret-exposure risk even though no credentials are requested at install time.
Persistence & Privilege [ok]
The skill does not demand always:true or elevated platform privileges. It operates on files in the workspace and creates backups under its own backups/ directory. It does not appear to modify other skills or global agent configuration. Normal caution about file writes applies.