Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Securely store OpenClaw configuration and key information. Back up the configuration file from its default location to the secure file path
v1.0.0安全保存 OpenClaw 的配置和密钥信息。将配置文件从默认位置备份到安全的文件路径 keys.txt 中。
⭐ 0· 62·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name and description claim to back up OpenClaw configuration and keys, which matches the provided Python script that copies a config file. However the SKILL.md says the default source is ~/.openclaw/openclaw.json while the script defaults to ~/.openclaw/openclaw.json.bak — a concrete mismatch. Also the documentation hardcodes a privileged target (/root/keys.txt) which is not a proportional or clearly justified default for a user-facing backup.
Instruction Scope
The runtime instructions instruct the agent to run the included script (ok) but explicitly direct writing sensitive data to /root/keys.txt. The script will create target directories if necessary and unconditionally copy the file without encryption or redaction. The SKILL.md and script disagree on the default source path, which could cause confusion and accidental data omission or copying the wrong file. Writing secrets to a world- or root-accessible path without encryption is a clear scope risk.
Install Mechanism
No install spec; this is instruction + a single Python script and requires only python3 on PATH. No external downloads or package installs are performed.
Credentials
The skill requests no environment variables or credentials (appropriate). However, it requests access to a sensitive local config file and defaults to copying it into a privileged path (/root/keys.txt). The lack of any encryption, access control, or justification for the root destination makes the handling of credentials disproportionate to a benign backup task.
Persistence & Privilege
The skill does not request permanent inclusion (always:false) and does not modify other skill settings. It can be invoked autonomously by the agent (platform default). Combining autonomous invocation with the ability to read and copy sensitive local config files increases risk if the agent is given broad scope — consider limiting invocation or requiring explicit user confirmation before run.
What to consider before installing
This skill does what it says (copies an OpenClaw config file) but has concerning choices you should consider before installing or running it:
- Path mismatch: SKILL.md says default source is ~/.openclaw/openclaw.json but the script uses ~/.openclaw/openclaw.json.bak. Confirm which file contains your real keys.
- Privileged target: The default destination is /root/keys.txt. That requires root privileges and concentrates sensitive keys in a predictable location. Prefer a user-owned, non-root path or an encrypted store.
- No encryption or access control: The script copies keys in plaintext. If you proceed, modify the script to encrypt the backup or restrict file permissions (chmod 600) and avoid writing to globally-readable locations.
- Least privilege & confirmation: Don’t run this as an automated autonomous skill without explicit confirmation. Require the agent to ask you before copying sensitive files.
- Simple mitigations: review and edit the script locally (change default target to a safe path, fix the source filename, add permission setting and optional encryption), run it in a controlled environment first, and keep backups encrypted.
Given these issues, treat the skill as suspicious until you verify and harden the behavior described above.Like a lobster shell, security has layers — review code before you run it.
latestvk97e56bp5hg5mb20jq916g9cs583psh2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔐 Clawdis
Binspython3