OpenClaw Backup

Security checks across malware telemetry and agentic risk

Overview

This is a local OpenClaw backup and restore skill whose sensitive access is expected for its purpose, but users must treat the backup archives as highly confidential.

Install this only if you want full local backups of OpenClaw. Treat the generated archives like passwords: keep them private, consider encrypted storage, avoid sharing or syncing them to untrusted locations, review the cron path before enabling scheduled backups, and check restore commands carefully before replacing current data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly states that backups include credentials, API keys, tokens, session data, agent configs, and workspace files, but it does not present a prominent warning about the sensitivity of the resulting archive. This can lead users to store or transmit backup tarballs insecurely, causing credential compromise, session hijacking, or exposure of private user data.

Missing User Warnings

Medium
Confidence: 88%
Finding
The restore steps instruct users to move their live data directory out of the way without any explicit warning that this can overwrite, orphan, or effectively remove current state if the restore is incomplete or the backup is stale. Although a backup of the current directory is created first, the instructions are still operationally destructive and can cause data loss or service disruption if followed blindly.

Missing User Warnings

Medium
Confidence: 94%
Finding
The document explicitly states that backups contain credentials, tokens, agent authentication material, workspace contents, and Telegram session data, but gives no guidance on secure storage, encryption, access control, or sharing restrictions. This creates a real risk that backups will be handled like ordinary archives even though they contain highly sensitive secrets that enable account or system compromise.

VirusTotal

64/64 vendors flagged this skill as clean.
