Security audit

OpenClaw backup and synchronization tool - Pack, upload, download, and restore. Save the Soul of your OpenClaw.

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real OpenClaw backup tool, but it can upload, share, and restore full OpenClaw state including secrets with limited safeguards.

Install only if you intentionally want a full OpenClaw-state backup and are comfortable with archives that may contain credentials, tokens, memory, agents, channel state, scripts, and cron data. Prefer local export for sensitive workspaces, run --test before any restore, avoid share links for secret-bearing backups, revoke shares when done, and rotate credentials if a backup was uploaded or shared unintentionally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly reads the local Gateway auth token from ~/.openclaw/openclaw.json and rewrites restored configuration to preserve or overwrite that token. This manipulates a sensitive credential during backup/restore and can silently change authentication state across instances, which is security-relevant because backups already contain credentials and this code directly handles them.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The skill description is broad enough to trigger on generic backup, migration, or sharing requests, which can cause the agent to invoke a high-trust skill in situations where the user did not specifically intend OpenClaw workspace export or restore. Because the skill has read/write access to ~/.openclaw and network capability, overbroad routing increases the chance of unintended data exposure or destructive restore actions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises cloud upload, download, and sharing of complete OpenClaw state, including optional API keys and tokens, without an upfront user-facing privacy and sensitivity warning. This is dangerous because users may unknowingly transmit secrets, memory, skills, and agent data to a third-party service or generate share links for sensitive backups.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The restore flow imports comprehensive backup contents including credentials, configs, agents, and channel state directly into ~/.openclaw without an in-code confirmation gate. Because the package may come from cloud storage or a share token, this can overwrite local trusted state with attacker-supplied configuration and secrets-handling changes.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The backup process intentionally includes credentials, API keys, gateway config, channel state, and agent data in portable archives. Although there are some warning strings, the tool still creates highly sensitive archives by default, and those archives can then be uploaded or shared, amplifying the blast radius of accidental disclosure.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: clawclone
description: "Backup, clone, and migrate OpenClaw data across instances. Upload/download OpenClaw snapshots to local or cloud - https://clawclone.cc . Create shareable Agent configurations, sync between devices, and restore complete OpenClaw state including memory, skills, agents, and settings. Use when user wants to backup their OpenClaw data, share configurations, migrate to new server, or create snapshots."
metadata:
  openclaw:
    requires:
Confidence
90% confidence
Finding
Create shareable Agent configurations, sync between devices, and restore complete OpenClaw state including memory, skills, agents, and settings. Use when user wants to backup their OpenClaw data, shar

Session Persistence

Medium
Category
Rogue Agent
Content
### Share Backups

```bash
# Create a share link
node clawclone.mjs share create <clone-id>

# Check share status
```
Confidence
96% confidence
Finding
Create a share link node clawclone.mjs share create <clone-id> # Check share status node clawclone.mjs share status <clone-id> # Revoke share link node clawclone.mjs share revoke <clone-id> # Clone

VirusTotal

64/64 vendors flagged this skill as clean.