Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Backup & Restore

v1.5.4

This skill should be used when the user asks for OpenClaw backup, restore, rollback, validation, GitHub backup, off-machine backup, workspace recovery, or pr...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the code and docs: the repo contains backup.mjs, restore.mjs, list.mjs, validate.mjs and examples for git-sync and cron. The requested capabilities (backup, restore, validate, optional git push) are consistent with the files present. No unrelated binaries or cloud credentials are required.
Instruction Scope
SKILL.md instructs the agent/user to read workspace files and (optionally) the real ~/.openclaw/openclaw.json and to perform git commit/push flows (backup-and-push.mjs and GitHub Actions). Reading the local openclaw.json and pushing backups off-machine are within scope for a backup tool, but they materially increase risk: the skill documents a sanitization step for openclaw.json but also provides an explicit --raw-openclaw-config option and guidance to push backups to remotes. Verify the sanitization code and be cautious with automated pushes to remote repositories.
Install Mechanism
No install spec or external downloads are declared. All code is included as local Node.js .mjs scripts. This is low-risk from an install/download perspective, but the scripts will execute on the host when run.
Credentials
The skill declares no required environment variables or credentials, which is reasonable. However, scripts perform git operations that rely on the host's git credentials/credential helpers and may access ~/.openclaw/openclaw.json (sensitive). The lack of declared env vars is appropriate, but users must understand that local git auth and filesystem access provide the mechanism for remote pushes and possible exposure.
Persistence & Privilege
always:false and model invocation defaults are normal. The skill does not request persistent platform-level privileges or attempt to modify other skills' configs. It runs as local scripts when invoked.
What to consider before installing
This skill appears to do what it claims, but take these precautions before installing or enabling automation:
1) Inspect scripts/backup-and-push.mjs and scripts/backup.mjs yourself — search for any network endpoints, unexpected HTTP/HTTPS requests, or obfuscated code.
2) Verify the openclaw.json sanitization logic (patterns listed in CHANGELOG) and test backups to ensure secrets are redacted; avoid using --raw-openclaw-config unless you understand the consequences.
3) Do not push backups to a public GitHub repo; use a private repo or encrypted/off-machine storage.
4) Check package.json for added dependencies before running.
5) Run backups and validate in a safe environment (local VM or disposable workspace) and confirm validate.mjs detects corruption and redaction as promised.
6) Ensure backups/ directory permissions are restrictive (700) and consider encrypting backups at rest.
7) Note the minor documentation tension: .gitignore is said to exclude backups/ yet the skill documents scripts to add/push backups — decide whether you will track backups in git.
If you want to proceed, test manual runs first and only enable cron/GitHub Actions after confirming sanitization and repository privacy.
scripts/backup-and-push.mjs:36
Shell command execution detected (child_process).
scripts/backup-and-push.mjs:12
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b6c6e2ev43ph9z82xe9y3sx82zd4d
