by 安全扫描
OpenClaw
可疑
medium confidenceThe plugin's declared behavior (GitHub-based workspace sync) matches the code and instructions, but there are supply-chain and execution-surface inconsistencies (use of npx, a wildcard dependency, no install spec, and silent automatic hooks) that warrant caution before installing.
评估建议
This plugin appears to do what it says (sync your OpenClaw workspace to a GitHub repo), but exercise caution before installing:
- Supply-chain risk: package.json depends on '@any-sync/cli' with a wildcard version and the docs instruct using 'npx any-sync', which can fetch and execute remote code. Prefer a pinned release or inspect the CLI package source before running.
- Automatic hooks: by default the plugin auto-pulls and auto-pushes on session start/end. Disable autoSync in the plugin config...详细分析 ▾
✓ 用途与能力
Name, description, skills, hooks and code all consistently implement a GitHub-backed sync for the OpenClaw workspace (pull/push/status/start/reset). Requiring the gh CLI in hook metadata and referencing workspace paths in SKILL.md is coherent with the stated purpose.
⚠ 指令范围
Runtime instructions and skill docs repeatedly tell the agent to run 'npx any-sync' commands and to read/write config at $HOME/.any-sync.json and .any-sync.lock and workspace directories. That's expected for a sync tool, but running 'npx any-sync' will fetch and execute remote code if not locally installed — the instructions grant broad discretion to execute that package. Hooks auto-run autoPull/autoPush on session start/end and fail silently, which could hide failures or unexpected behavior.
⚠ 安装机制
No install spec is provided in the registry entry even though the package.json lists dependencies and the plugin code requires '@any-sync/cli'. The package.json uses an unpinned dependency ('@any-sync/cli': '*'), and the SKILL.md instructs use of 'npx any-sync' (runtime retrieval/execution). These are supply-chain risks: arbitrary new code could be executed when installing or running the CLI.
ℹ 凭证需求
The skill doesn't declare required environment variables, but the start wizard advises using GITHUB_TOKEN or gh auth login, and optionally OPENCLAW_WORKSPACE/OPENCLAW_PROFILE for custom paths. Those env vars are relevant to GitHub authentication and workspace location. No unrelated credentials or unexpected config paths are requested.
ℹ 持久化与权限
The plugin registers session_start and session_end hooks to auto-pull/push by default (autoSync true unless explicitly disabled). always is not set. Autonomous invocation of hooks is expected for sync behavior, but combined with the ability to push workspace contents to a configured repo, this increases the impact if the remote or CLI is malicious — consider disabling autoSync until you verify the tooling.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.2.102026/4/8
- Updated package.json (details not shown). - No changes to skill documentation or commands.
● 无害
安装命令
点击复制官方npx clawhub@latest install any-sync
镜像加速npx clawhub@latest install any-sync --registry https://cn.longxiaskill.com