ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Recovery Drill

v0.1.0

This skill should be used when the user asks to test OpenClaw recovery readiness, rehearse backup/restore, run a disaster-recovery drill, validate operator r...

0· 220·0 current·0 all-time
by@x-rayluan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, README, package.json, and the scripts all align: the tool inspects a local OpenClaw workspace and candidate backup roots to score recovery readiness. The included tests exercise the same behavior.
Instruction Scope
Runtime instructions only run the bundled Node script against a workspace and optional backup-root. The script's actions are limited to local filesystem discovery and metadata collection (file existence, mtime, sizes). There are no commands to read unrelated system configuration, call external endpoints, or perform restores by default.
Install Mechanism
No install spec; this is instruction-plus-local code. package.json targets Node >=18 and provides test and bin entries. No downloaded archives, remote installers, or third-party package installs are invoked by the skill itself.
Credentials
The skill declares no environment variables or credentials, which is appropriate. The script does read the user's home directory (os.homedir()) and common OpenClaw paths if no explicit workspace/backup-root is provided, and it collects filenames, timestamps, and file sizes — information that can include sensitive filenames or metadata. This behavior is proportional to a discovery audit but users should be aware it inspects local files.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills or global agent configuration. It only reads local files and prints JSON; it exits with status codes but performs no automatic restores or network exfiltration.
Assessment
This skill appears to do what it says: a local readiness audit that inspects workspace and backup directories and prints a JSON report. Before running, review scripts/recovery-drill.mjs yourself and run the tool against an explicit safe test workspace (use --workspace and --backup-root) so it doesn't scan unexpected locations under your home. Be mindful that the output includes filenames, modification times, and sizes (potentially sensitive metadata); do not share results publicly. Ensure you have Node >=18 installed and run tests (npm test) if you want to validate behavior in a disposable environment first.
tests/test.mjs:25
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fmejgt5wfzs4qxkfgsxfjc182zk0j

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments