Low risk: risk score 25/100
Last scan: 1 day ago
openclaw-backup-restore
Backup, restore, validate, and GitHub-sync OpenClaw workspace state files with versioning, rollback, and off-machine recovery
Legitimate backup/restore skill with well-designed sanitization, but SKILL.md fails to declare its use of git operations (shell:WRITE equivalent) and network access, creating a doc-to-code mismatch.
Skill name: openclaw-backup-restore
Analysis time: 58.5s
Engine: pi
Verdict: can be installed
Recommendation: Add an 'allowed-tools' declaration and a 'Security Notes' section to SKILL.md explicitly listing git operations and the backup repo sync feature. This will close the doc deception gap without requiring any code changes.

Security findings (3)

Medium: Git sync feature completely absent from SKILL.md (category: documentation deception; location: SKILL.md:48)
Detail: scripts/backup-and-push.mjs performs git clone, fetch, add, commit, and push operations to sync backups to a remote repository. SKILL.md has a 'Daily GitHub Backup' section but only describes node scripts/backup-and-push.mjs, never mentioning the underlying git operations, the BACKUP_REPO_DIR environment variable, or that it clones a remote repo locally. This is a significant doc-to-code mismatch.
Evidence: node scripts/backup-and-push.mjs --remote origin
Recommendation: Add a section to SKILL.md explicitly describing git operations: 'Uses git clone/fetch/push to sync backup directory to a remote repository. Stores a local mirror at ~/.openclaw/backup-repos/'. Declare network:READ and shell:WRITE in allowed-tools.

Low: No allowed-tools declaration in SKILL.md (category: privilege escalation; location: SKILL.md:1)
Detail: SKILL.md declares no allowed-tools section. The capability model requires explicit permission declarations. The skill infers filesystem:WRITE, network:READ, shell:WRITE (via git), and environment:READ, none of which are declared.
Evidence: No allowed-tools section found
Recommendation: Add 'allowed-tools: Bash → shell:WRITE, Read → filesystem:READ, Write → filesystem:WRITE' to the skill header. Explicitly note that git operations require shell:WRITE equivalent access.

Low: openclaw.json access not prominently flagged (category: sensitive access; location: SKILL.md:17)
Detail: backup.mjs reads ~/.openclaw/openclaw.json by default (via the --raw-openclaw-config flag default in backup-and-push.mjs) and backs up agent files from ~/.openclaw/agents. SKILL.md briefly mentions TOOLS.md but does not prominently warn that API keys, tokens, and credentials stored in openclaw.json and TOOLS.md are being accessed and stored in backups.
Evidence: openclaw.json is referenced only as 'optional real openclaw.json'
Recommendation: Add a prominent 'Sensitive Data Handling' section warning that openclaw.json (containing API keys) and TOOLS.md (containing tool configurations) are backed up. Note that --raw-openclaw-config stores the raw file with secrets intact.
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | NONE | WRITE | ✗ undeclared | backup.mjs:109 copies workspace files to backup dir; restore.mjs:139 writes file…
Network access | NONE | READ | ✗ undeclared | backup-and-push.mjs:44 git remote get-url; lines 46-55 git clone/fetch/pull/push
Command execution | NONE | WRITE | ✗ undeclared | backup-and-push.mjs:35-37 spawnSync('git', [...]) — git add/commit/push are shel…
Environment variables | NONE | READ | ✗ undeclared | backup.mjs:28 OPENCLAW_BACKUP_DIR; restore.mjs:21, list.mjs:18, validate.mjs:18 …
Skill invocation | NONE | NONE | | No inter-skill invocation observed
Pre-scan findings: 1 critical, 12 total
Critical, dangerous shell command: curl | bash (FINAL-DELIVERY-REPORT.md:168)
Medium, external URL: https://keepachangelog.com/en/1.0.0/ (CHANGELOG.md:5)
Medium, external URL: https://semver.org/spec/v2.0.0.html (CHANGELOG.md:6)
Medium, external URL: https://discord.com/invite/clawd (CONTRIBUTING.md:58)
Medium, external URL: https://docs.openclaw.ai (QUICKSTART.md:155)
Medium, external URL: https://img.shields.io/badge/License-MIT-yellow.svg (README.md:5)
Medium, external URL: https://opensource.org/licenses/MIT (README.md:5)
Medium, external URL: https://img.shields.io/badge/node-%3E%3D18-brightgreen (README.md:6)
Medium, external URL: https://nodejs.org/ (README.md:6)
Medium, external URL: https://clawhub.ai/skills/openclaw-workspace-backup-restore (README.md:305)
Medium, external URL: https://clawhub.com (README.md:320)
Medium, external URL: https://clawlite.ai (README.md:321)

Directory structure

25 files · 128.5 KB · 4648 lines
Markdown 14f · 3369L JavaScript 6f · 1162L JSON 2f · 59L Shell 3f · 58L
├─ 📁 examples
│ ├─ 🔧 automated-backup.sh Shell 16L · 507 B
│ ├─ 🔧 basic-backup.sh Shell 22L · 520 B
│ └─ 🔧 pre-deployment-hook.sh Shell 20L · 536 B
├─ 📁 scripts
│ ├─ 📜 backup-and-push.mjs JavaScript 121L · 4.0 KB
│ ├─ 📜 backup.mjs JavaScript 275L · 7.8 KB
│ ├─ 📜 list.mjs JavaScript 164L · 4.4 KB
│ ├─ 📜 restore.mjs JavaScript 264L · 7.7 KB
│ └─ 📜 validate.mjs JavaScript 210L · 5.9 KB
├─ 📁 tests
│ └─ 📜 test.mjs JavaScript 128L · 4.4 KB
├─ 📋 _meta.json JSON 5L · 109 B
├─ 📝 CHANGELOG.md Markdown 46L · 1.9 KB
├─ 📝 CONTRIBUTING.md Markdown 58L · 1.3 KB
├─ 📝 DELIVERY_REPORT.md Markdown 348L · 10.4 KB
├─ 📝 EXAMPLES.md Markdown 147L · 3.3 KB
├─ 📝 FEATURE_DEFINITION.md Markdown 321L · 10.2 KB
├─ 📝 FINAL-DELIVERY-REPORT.md Markdown 336L · 11.4 KB
├─ 📝 P0-1-DELIVERY-REPORT.md Markdown 254L · 7.0 KB
├─ 📝 P0-2-DELIVERY-REPORT.md Markdown 296L · 7.1 KB
├─ 📋 package.json JSON 54L · 1.5 KB
├─ 📝 QUICKSTART.md Markdown 155L · 3.0 KB
├─ 📝 README.md Markdown 325L · 7.8 KB
├─ 📝 RELEASE_CHECKLIST.md Markdown 355L · 8.4 KB
├─ 📝 RELEASE-CHECKLIST.md Markdown 110L · 3.2 KB
├─ 📝 RUNBOOK.md Markdown 313L · 8.0 KB
└─ 📝 SKILL.md Markdown 305L · 8.0 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
none (Node.js built-ins only) | N/A | stdlib | | Uses only: fs, path, crypto, os, child_process, util — no external packages

Security highlights

✓ No external npm dependencies — only uses Node.js built-in modules (fs, path, crypto, os, child_process), eliminating supply chain risk
✓ Sensitive field sanitization is well-implemented: openclaw.json keys matching /token|key|secret|password|apikey|api_key|auth|credential|bearer/i are replaced with '[REDACTED]'
✓ Pre-restore safety backup: every restore operation automatically creates a pre-restore backup before modifying workspace files
✓ SHA-256 hash verification in manifest prevents silent backup corruption
✓ No base64-encoded payloads, no eval(), no obfuscated code — all scripts are plain, readable JavaScript
✓ Dry-run mode for restore prevents accidental data loss
✓ No credential harvesting or exfiltration: git operations target user-specified remotes only
✓ Backups stored under user-controlled paths (OPENCLAW_BACKUP_DIR env var override supported)
✓ The 'curl | bash' pre-scan IOC is a false positive — it appears only as documentation text in FINAL-DELIVERY-REPORT.md discussing ClawLite's installer, not as executed code