Back to skill
Skillv1.0.5
VirusTotal security
OpenClaw Checkpoint - Personal AI Assistant Backup & Recovery (Github) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:20 AM
- Hash
- 48aaa4fdaf86bb9f12bff110660930f04df17bd910e424b4a50f1929bfd24c03
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-checkpoint Version: 1.0.5 The OpenClaw Checkpoint skill is designed for legitimate backup and restore operations, explicitly excluding sensitive data like API keys and warning users about private repositories. However, it is classified as 'suspicious' due to several high-risk capabilities inherent in its design: the recommended 'quick install' method involves `curl -fsSL ... | bash`, which is a significant supply chain risk. The skill also extensively uses powerful shell commands (`git`, `cp`, `rsync`, `sed`, `grep`, `crontab`, `launchctl`) for file system manipulation, network communication, and persistence (via cron/launchd). While these are necessary for its stated purpose, they represent a broad attack surface for potential shell injection vulnerabilities if not meticulously sanitized in the underlying scripts (which are not provided for analysis). There is no evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints or obfuscation, but the combination of `curl | bash` and broad system interaction warrants caution.
- External report
- View on VirusTotal