扫描报告
5 /100
openclaw-backup-rollback
自动备份 + 回滚系统,保护OpenClaw配置安全
Legitimate backup and rollback plugin for OpenClaw with fully declared shell operations and no hidden functionality.
可以安装
No action needed. The skill performs standard backup/restore operations using tar, gzip, and systemctl as documented.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Hardcoded user home path | scripts/backup_openclaw.sh:3 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md declares backup functionality; code creates tar.gz in ~/.openclaw/backu… |
| 命令执行 | WRITE | WRITE | ✓ 一致 | SKILL.md declares systemctl/restart; code uses subprocess for tar, systemctl, du |
| 网络访问 | NONE | NONE | — | No network operations found |
| 环境变量 | NONE | NONE | — | No os.environ access found |
| 技能调用 | NONE | NONE | — | No skill invocation found |
| 剪贴板 | NONE | NONE | — | No clipboard access found |
| 浏览器 | NONE | NONE | — | No browser operations found |
| 数据库 | NONE | NONE | — | No database access found |
目录结构
5 文件 · 13.3 KB · 422 行 Python 2f · 270L
Markdown 1f · 56L
JSON 1f · 50L
Shell 1f · 46L
├─
▾
scripts
│ ├─
backup_openclaw.sh
Shell
│ ├─
backup_rollb_plugin.py
Python
│ └─
rollback.py
Python
├─
openclaw.plugin.json
JSON
└─
SKILL.md
Markdown
安全亮点
✓ All shell operations declared and relevant to backup/restore functionality
✓ No credential harvesting or environment variable iteration
✓ No network requests to external IPs
✓ No base64 encoding/decoding or eval() patterns
✓ No hidden instructions in HTML comments
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Proper exclusion of node_modules and logs from backups
✓ Creates pre-rollback backup before restoring
✓ Limited to specific systemd services (openclaw-gateway, vector-search, openclaw-gateway-guardian)
✓ Well-documented in SKILL.md with clear file structure