Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
openclaw workspace backup
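v0.1.5 · Backs up workspace git repositories to GitHub branches. The directory list is configured via .env, and the backup runs automatically every day at 03:00. Triggered when the user says "workspace-backup", "备份工作空间" ("back up workspace"), or "工作空间备份" ("workspace backup").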
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description claim: back up workspaces to GitHub branches. Code requires only git and reads WORKSPACE_<id>=<path> entries from package/user .env files — this is consistent. Minor mismatch: code pushes to remote named 'origin' (generic) and does not verify the remote is GitHub; the description suggests GitHub specifically.
Instruction Scope
Runtime behavior (workspace_backup/cli.py) will: read package and user .env files, iterate arbitrary directories specified there, run git add -A, commit, and push for each path, and write logs to ~/.openclaw/logs/backup.log. This is within backup purpose, but the agent will automatically add/commit/push whatever files are in the configured directories (including secrets like keys, config files, or other sensitive data) without any review or filtering. The code also does not switch or create branches before pushing and may fail or push unexpected refs. Daily automated execution increases the risk of unintended data exposure.
Install Mechanism
No install spec in registry; SKILL.md metadata suggests 'pip install -e {baseDir}' which is a reasonable install path for a Python CLI. No remote downloads or extract steps. Because code files are included, installing the package would place code on disk — expected for this type of utility.
Credentials
The skill does not request credentials or sensitive environment variables. It reads only package-level and user-level .env files for WORKSPACE_<id> entries (paths supplied by the user). No extra API keys or unrelated credentials are required.
Persistence & Privilege
always:false (not force-included). The SKILL.md says OpenClaw cron will run it daily at 03:00 — autonomous invocation combined with scheduled runs means the skill will act without interactive approval on each run. Autonomous invocation itself is normal, but combined with automatic commits/pushes this raises the operational risk if misconfigured.
What to consider before installing
Before installing or enabling this skill:
(1) Inspect and control the .env files it will read (package .env and ~/.config/workspace/.env). Only list directories you intentionally want backed up; do not include home-level or system-level paths that may contain secrets.
(2) Test on a non-sensitive directory first to confirm push behavior (branch naming, push errors). The tool commits everything staged by git add -A and optionally pushes with --force; be sure you understand the consequences.
(3) Confirm the 'origin' remote for each repo points to the intended GitHub repository (the code does not verify the host).
(4) Consider modifying the script or adding a dry-run/approval step to avoid accidental commits of credentials or private files.
(5) If you need stricter guarantees, run this locally under your control or add repository-level protections (or a dedicated remote) to prevent accidental exfiltration.
Install only if you accept the risk of unattended commits/pushes from the configured directories.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
💾 Clawdis
Bins: git
