Back to skill

Security audit

OpenClaw Backup Safe

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local backup and restore skill, but its archives contain sensitive OpenClaw credentials, sessions, memory, and scheduled tasks.

Install only if you want full local OpenClaw backups. Treat every backup archive as secret material: keep it private, restrict access, consider encryption, and do not restore archives from untrusted sources. Before restoring, create or locate a current safety copy and verify the rollback path because the detailed rollback example does not match its timestamped restore copy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The rollback procedure is internally inconsistent: the documented restore flow renames the original directory to `~/.openclaw-pre-restore-<timestamp>`, but the rollback later attempts to restore from `~/.openclaw-old`, which was never created. In practice, this can cause recovery failure during an incident, leaving users without an easy path back to the pre-restore state and increasing the chance of manual mistakes or data loss.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The backup scope includes highly sensitive material such as credentials, API tokens, auth profiles, workspace data, and Telegram session data, but the documentation does not warn users that the resulting archive is sensitive and must be protected. This can lead to insecure storage, over-broad sharing, or accidental exposure of secrets that would enable account compromise or session hijacking.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The restore steps replace the live ~/.openclaw state with backup contents, but the documentation does not prominently warn that this may overwrite newer data, revert configuration, or restore old credentials and scheduled tasks. Users may unintentionally lose current state or reintroduce stale or compromised settings during restoration.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The backup explicitly contains highly sensitive material such as API keys, tokens, agent authentication data, and Telegram sessions, but the document does not warn users that restored archives effectively reintroduce privileged credentials. In a backup/restore skill, this is especially risky because users are encouraged to move and extract archives, which can expose or accidentally reuse secrets across systems or users.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.