Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Everclaw

v0.3.3

Encrypted cloud memory for your agent. Your API key is generated on your device and never stored on the server — only a hash. Everything your agent saves is AES-256-GCM encrypted before it's stored. No one can read it, not even us. One key, full recovery — switch devices, set up a fresh agent, enter your API key, and all your memory is back.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to provide client-side AES-256-GCM encrypted backups and uses a single API key (EVERCLAW_API_KEY), which fits the stated purpose. However, the SKILL.md uses shell tools (curl, openssl, whoami) but the skill metadata declares no required binaries — a mismatch. The network endpoint is a Cloudflare Workers subdomain rather than a well-known service domain; that can be legitimate but should be expected and explained. Overall: purpose aligns, but the declared requirements and endpoint provenance are under-specified.
Instruction Scope
The SKILL.md instructs the agent to automatically run a full setup without asking the user, write to ~/.openclaw/openclaw.json (enabling the skill and storing the API key), append to HEARTBEAT.md, read several workspace files, and upload them to the remote vault. Those file operations are consistent with backup behavior, but the instructions send files with curl using --data-binary (no client-side encryption commands are shown). This contradicts the claim that 'Everything your agent saves is AES-256-GCM encrypted before it's stored.' It's unclear whether encryption is performed client-side (but omitted from the doc) or server-side (contradicting the privacy claim). The automatic, no-prompt setup is also scope creep and increases risk.
Install Mechanism
There is no install spec (instruction-only), which reduces disk-write/install risk. However, network operations target https://everclaw.chong-eae.workers.dev — a specific Cloudflare Workers subdomain instead of a clearly known product domain. No code is downloaded or extracted by an installer, which is low risk, but the endpoint's provenance should be verified.
Credentials
Requesting a single primary credential (EVERCLAW_API_KEY) is proportionate for a backup service. No other unrelated credentials are requested. That said, the metadata claims no required binaries while the runtime instructions rely on curl and openssl; the missing declaration is a coherence issue. The instructions also direct storing the API key in ~/.openclaw/openclaw.json (local disk) — which is reasonable but should be explicit about storage protections.
Persistence & Privilege
The skill does not request 'always: true', which is good. However, it instructs modifying the agent's config file (~/.openclaw/openclaw.json) and appending to a workspace file (HEARTBEAT.md) automatically and without user confirmation. Those modifications are within typical install behavior for a skill, but the combination of automatic setup, file I/O over the network, and unclear encryption practices increases privilege risk compared to a passive/read-only skill.
What to consider before installing
Key issues you should resolve before installing or enabling this skill:
- Ask the maintainer to explain exactly where encryption happens. The SKILL.md shows uploads sent with curl (plain content) but also claims "Everything ... is AES-256-GCM encrypted before it's stored." You should require a clear, reproducible client-side encryption step (commands or code) or an explicit, trustworthy explanation that the server performs encryption and why that still preserves the privacy claim. Without that, your workspace files would be uploaded in plaintext to an unfamiliar endpoint.
- Confirm the endpoint and operator identity. The API is hosted at a Cloudflare Workers subdomain (everclaw.chong-eae.workers.dev). Verify who runs that service and review their privacy policy / source code (or ask for published client code) before sending sensitive data.
- Require interactive consent. The SKILL.md says "run the full setup automatically without asking the user any questions." Insist that setup be manual or at least require confirmation before: generating and storing an API key, writing to ~/.openclaw/openclaw.json, appending to HEARTBEAT.md, or uploading files.
- Validate what is stored locally. The install stores EVERCLAW_API_KEY in ~/.openclaw/openclaw.json — check that this file is stored securely (permissions, not world-readable) and consider using a platform secret store instead of a plaintext config file.
- Ask for a minimal, explicit implementation (or audited source). Because this is an instruction-only skill and no source is provided, request the client-side code or a clear, tested command sequence (including any encryption steps) before trusting it with backups.

What would make this 'benign': explicit client-side encryption commands or a vetted client binary that demonstrates AES-256-GCM encryption before upload, clear operator identity and privacy docs, and removing the "no questions" auto-setup so the user can review changes before they happen.
Given the contradictions and missing details, treat this skill as suspicious until those questions are answered or you can review the implementation yourself.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🦞 Clawdis
Primary env: EVERCLAW_API_KEY
