clawdbot-skill-update
Audited by Socket on Feb 22, 2026
1 alert found:
Anomaly: The script is a legitimate-looking restore utility but contains unsafe restore patterns that could be abused: it extracts user-supplied tar archives without sanitizing contents, deletes directories before extraction, and uses workspace paths from a restored config without validation. A malicious or tampered backup could overwrite arbitrary files the user has permission to write and restore sensitive credentials, and the optional git/pnpm steps could result in execution of attacker-controlled build scripts. There is no evidence the script itself contains obfuscated or intentionally malicious code, but it is moderately dangerous to run on untrusted backups. Recommend: only restore backups from trusted sources, verify archive integrity and contents (list tar members and check for absolute/.. paths) before extraction, avoid automatic rm -rf of sensitive dirs, and review git-version and rebuild steps before running them.