Dr Backup Gui

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed disaster-recovery GUI that runs powerful backup, sync, restore, and migration tools, with some operator-safety gaps but no evidence of hidden or malicious behavior.

Install only in a virtual environment or controlled admin workstation, review the commands and targets before running, avoid saving sensitive credentials in profiles unless local file permissions are restricted, and always use dry-run before Rsync or cloud sync operations that may delete or overwrite destination data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def install_deps():
    print("正在安装 Python 依赖...")
    subprocess.run([sys.executable, "-m", "pip", "install", "PyQt6", "--quiet"])
    print("✅ PyQt6 已安装")
    print()
    print("=" * 55)
Confidence
91% confidence
Finding
subprocess.run([sys.executable, "-m", "pip", "install", "PyQt6", "--quiet"])

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script performs automatic package installation via pip without clearly warning the user that their local Python environment will be changed. In an admin or production context, this can cause unreviewed dependency changes, dependency confusion/supply-chain exposure, and compatibility issues, especially in a disaster-recovery tool where operators may run scripts on sensitive systems.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The normal Rsync sync path can execute with --delete enabled without any explicit confirmation dialog, even though it can remove files from the destination. In a disaster-recovery GUI, this is especially risky because operators may trust the UI and accidentally trigger destructive data loss against local or remote targets.

VirusTotal

64/64 vendors flagged this skill as clean.
