ClawHub

webdav-backup

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local/WebDAV backup tool; its broad file access and optional upload match its purpose, but backups can contain private OpenClaw data.

Install only if you trust the WebDAV destination and understand that OpenClaw backups may include prompts, workspace files, schedules, and credentials stored in openclaw.json. Prefer --local-only or --source for narrower backups, use HTTPS and app-specific WebDAV passwords, keep config permissions tight, and consider encrypting archives before remote upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill requires access to environment variables, local files, and network endpoints to read backup sources and upload archives to WebDAV, but it does not declare corresponding permissions. This creates a transparency and governance gap: an agent or reviewer cannot accurately assess the skill's authority before use, and the skill handles especially sensitive data such as configuration files and credentials-adjacent material.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documentation states that, by default, backups include the OpenClaw workspace, configuration file, and cron data, and may be sent to a WebDAV server. That creates a real confidentiality risk because users may unintentionally transmit sensitive tokens, prompts, schedules, or workspace contents off-host without a prominent privacy warning or guidance to review backup contents first.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal