Workspace Sync & Backup

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate cloud sync and backup skill, but it needs Review because its backup/restore feature can include sensitive agent state beyond ordinary workspace files.

Install only if you trust the configured cloud remote and understand that backups may include sensitive agent state such as config, cron, and memory. Prefer mailbox mode, review excludes before syncing, keep backups disabled or workspace-only unless needed, protect the backup passphrase, and do not run restore or sudo-based setup unless you intend those changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill is presented as a workspace sync utility, but the documented backup feature materially expands scope to snapshot config, cron, and memory data to cloud storage. That creates a significant confidentiality risk because operators may enable it expecting only workspace file sync, while actually exporting broader sensitive agent state.

Context-Inappropriate Capability

High
Confidence: 98%
Finding
Backing up config, cron, and memory exceeds the stated purpose of syncing the workspace and may capture secrets, schedules, credentials, prompts, and other internal state. Sending this data to cloud storage broadens the blast radius of any remote compromise or misconfiguration and violates least-privilege expectations.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The setup script performs host-level software installation via system package managers and sudo, which exceeds a narrowly scoped workspace/cloud-sync action and modifies the broader system. Although the user is prompted first, this still grants the skill privileged host-modification capability that could be abused if the script were altered or invoked in an automated context.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documented restore command lacks a prominent warning that restore operations can overwrite or alter existing local data. In a skill that handles automated cloud sync and snapshots, understated restore semantics increase the risk of accidental data loss or rollback of important local state.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.