ClawHub

sync with webdav

v1.0.4

Archive local files or directories into tar/tar.gz and upload them to a WebDAV endpoint, with optional notifications. Use when the user asks to back up a fol...

0· 154·0 current·0 all-time
by@xyanmi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name, description, SKILL.md, and included script all implement WebDAV archive-and-upload functionality. Requiring curl is appropriate. The metadata lists openclaw as a required binary, but the script only uses OpenClaw for optional notifications (send_notification is a no-op if no channel/target); this is a minor mismatch between declared requirements and actual necessity.
Instruction Scope
SKILL.md and the script limit actions to archiving specified local paths, creating a temporary curl auth file, performing MKCOL/PUT to the declared WebDAV site, and optionally invoking the OpenClaw CLI for notifications. The instructions explicitly avoid printing credentials and recommend using a temporary credential file with 0600 permissions and immediate deletion; the script implements that pattern.
Install Mechanism
No install spec is provided (instruction-only plus an included script). Nothing is downloaded or executed from arbitrary URLs. The runtime relies on existing system binaries (curl and optionally openclaw), which is proportionate to the task.
Credentials
The skill requests only WEBDAV_SITE, WEBDAV_USERID, and WEBDAV_PWD — all required to authenticate to the WebDAV target. Implementation reads credentials from an env file (default .env) rather than from platform-injected environment variables; metadata lists the same env keys but doesn't state the file-dependency, so callers must provide the env file or pass --env-file. Storing credentials temporarily on disk is done with 0600 file perms and deletion, which is reasonable but worth attention on multi-user hosts.
Persistence & Privilege
The skill does not request permanent/always-on privilege and does not modify other skills or system-wide configurations. It creates temporary files in a tmp directory and cleans up the credential file in finally; the default tmp path (/tmp/openclaw-webdav-sync) may be acceptable but operators should consider using a per-user or per-job tmp dir on multi-user systems.
Assessment
This skill appears to do what it claims: it packages specified local paths and uploads them to the given WebDAV site using curl, and can optionally send notifications via the OpenClaw CLI. Before installing or running: - Provide the WEBDAV credentials in an env file (default .env) or pass --env-file; the script reads a file rather than relying on injected platform env vars. - Verify you trust the WebDAV endpoint (WEBDAV_SITE) before giving credentials. The password is written to a temporary curl config file with 0600 permissions and deleted after use, but on multi-user systems consider running the job under a dedicated user and/or set a custom tmp directory with --tmp-dir. - If you won't use notifications, OpenClaw is effectively optional; metadata requiring the openclaw binary is slightly stricter than the code needs — you can avoid configuring notifications to skip OpenClaw calls. - Check/.env file permissions (should be restricted) and test on a non-production directory first. Overall the skill is internally consistent and proportionate, with only small operational mismatches to be aware of.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fnhfdyh5fadnm3m5r39jxqn83n97m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

☁️ Clawdis
Binscurl, openclaw
EnvWEBDAV_SITE, WEBDAV_USERID, WEBDAV_PWD
Primary envWEBDAV_SITE

Comments