Backboard.io
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: backboard Version: 1.0.2 The skill bundle is designed to integrate with Backboard.io via a local Flask backend. The `SKILL.md` defines tools for managing assistants, threads, memories, and documents, including `backboard_upload_document` which takes a `file_path` parameter. While this parameter could be a vector for data exfiltration if an AI agent were maliciously prompted to upload sensitive local files, the `SKILL.md` itself contains no instructions for such abuse. The backend code (`backend/api/routes/documents.py`) securely handles file uploads by saving them to temporary files, performing file type validation, and then deleting them, rather than reading arbitrary paths directly from the agent. The `start.sh` script and Python dependencies are standard and show no malicious intent or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Someone who can reach port 5100 on the user's network could potentially invoke Backboard actions through the user's running backend.
The backend is started on all network interfaces, not just localhost. Because the same Flask app exposes Backboard management endpoints, this can make account-mutating actions reachable beyond the user's machine if the port is accessible.
uv run flask run --host=0.0.0.0 --port=5100
Bind the server to 127.0.0.1 by default, add local authentication or origin protections, and require explicit confirmation for destructive operations.
Users may not realize the skill needs an API key that can create, read, update, and delete Backboard resources.
The backend requires a Backboard API key even though the supplied registry metadata declares no required environment variables or primary credential. That key grants delegated access to Backboard account operations.
if [ -z "$BACKBOARD_API_KEY" ]; then
echo "ERROR: BACKBOARD_API_KEY environment variable is not set"Declare BACKBOARD_API_KEY in metadata, document its scope clearly, and use the least-privileged Backboard credential available.
Running the backend in this mode could expose a dangerous development server to other devices on the network.
If run directly, the Flask app enables debug mode while binding to all interfaces. A network-exposed Flask debugger is unnecessary for this skill and can create code-execution risk.
app.run(host="0.0.0.0", port=5100, debug=True)
Disable debug mode in packaged runtime paths and bind to localhost unless the user deliberately configures otherwise.
Information saved as memory may affect future conversations and may remain in Backboard until deleted.
Persistent Backboard memory is an intended feature and is disclosed, but it means user preferences, conversation-derived facts, or other content can be retained and reused later.
Store a memory for an assistant that persists across conversations.
Store only information the user intentionally wants retained, explain what is being saved, and make deletion/review easy.
A future dependency release could change behavior or introduce vulnerabilities when the backend is installed.
The backend depends on external packages with lower-bound version constraints rather than pinned versions. This is common for Python projects but leaves runtime behavior dependent on package resolution at install time.
"flask>=3.0.0", "backboard-sdk>=1.4.11", "pydantic>=2.0.0", "python-dotenv>=1.0.0"
Pin or lock dependency versions for releases and verify package provenance before running the backend.