Personality Backup

Security checks across malware telemetry and agentic risk

Overview

This backup skill is coherent and not malicious, but it needs Review because it can collect secrets, memory, config, projects, and scripts by default and send the encrypted archive by email or on a schedule.

Install only if you intentionally want a tool that can package your OpenClaw identity, memory, secrets, configuration, projects, and scripts. Prefer local-only backups, set a strong non-empty archive password, turn off categories you do not need, confirm the exact email recipient and SMTP settings before enabling email delivery, and do not copy the cron command blindly because it can replace existing scheduled jobs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill advertises capabilities to read environment variables and write files, including cron setup and backup configuration handling, but does not declare any permissions or boundaries. In a security-sensitive backup skill that handles secrets, undeclared capabilities reduce transparency and make it easier for the skill to access or persist sensitive data without explicit user understanding.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The activation wording is broad enough to trigger on many generic requests about setup, management, backups, workspace handling, or identity files. Because this skill is designed to collect and package memory, config, secrets, and projects, overbroad invocation increases the chance it is used in situations where the user did not intend sensitive data collection or backup/export behavior.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill explicitly backs up secrets, memory, configuration, and projects and supports sending the resulting archive by email, yet it does not present an explicit warning about the sensitivity of that data or the risks of external transmission. Even with archive encryption, emailing highly sensitive consolidated data creates significant exfiltration and exposure risk if the recipient, SMTP channel, password handling, or endpoint security is compromised.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script deliberately copies secrets and configuration data into a backup archive without any interactive confirmation, separate opt-in, or prominent warning at runtime. In this skill context, that is more dangerous than usual because the stated purpose is to back up an agent's identity, memory, secrets, and workspace, so accidental inclusion and exfiltration of highly sensitive material is a core operational risk rather than an edge case.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script can automatically deliver the archive by email with no explicit runtime warning or confirmation, which creates a direct exfiltration path for a backup that may contain secrets, memory, configs, and project data. Although the archive is encrypted, misconfiguration, weak passwords, wrong recipients, mailbox compromise, or metadata leakage can still expose sensitive agent data, and the backup skill's context makes this especially risky.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This script emails an encrypted backup archive containing highly sensitive agent data such as personality files, memory, config, secrets, and projects, but there is no user-facing disclosure, confirmation, or policy gate before exfiltrating that archive to an external recipient. Even if the attachment is encrypted, sending it over email materially expands the exposure surface and can enable unauthorized off-host transfer of sensitive data if the recipient, SMTP settings, or automation are misconfigured or abused.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: personality-backup
description: Create encrypted backups of agent personality files, memory, config, secrets, and projects. Use when the agent needs to set up, run, or manage automated backups of its workspace and identity files. Supports configurable backup targets, AES-256 encryption via 7-zip, and delivery via email (SMTP) or local storage.
---

# Personality Backup
Confidence
85% confidence
Finding
Create encrypted backups of agent personality files, memory, config, secrets, and projects. Use when the agent needs to set up, run, or manage automated backups of its workspace and identity files. Su

VirusTotal

66/66 vendors flagged this skill as clean.
