Back to skill

Security audit

QuarkPan Backup Suite

Security checks across malware telemetry and agentic risk

Overview

This is a coherent backup-and-restore runbook whose cloud upload and rollback risks are expected for its purpose, though users should review those commands carefully before running them.

Install only if you intend to manage Quark/OpenList backups for an OpenClaw workspace. Before running commands, confirm the Quark account and destination, treat archives/checksums and cookies as sensitive, verify retention and encryption expectations, run restore dry-runs first, and use rollback commands only after confirming the snapshot and current backup state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The cookbook documents backup commands that send archives to Quark cloud storage, but it does not clearly warn users that backup contents leave the host and may contain sensitive workspace data. In a backup/restore skill, this omission can cause unintended data exfiltration or policy violations, especially if operators assume the workflow is purely local or do not verify encryption, retention, and destination trust before use.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The rollback command is labeled only as 'danger' and includes a confirmation flag, but it does not clearly explain that applying a snapshot can revert system state, overwrite newer changes, and cause irreversible data loss or service disruption. In a disaster-recovery skill, operators may copy-paste commands from the cookbook, so insufficient warning materially increases the chance of destructive misuse.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.