ClawHub

OpenClaw Backup Rclone

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenClaw backup helper, but its default backup includes credentials, memory, agents, and workspaces and uploads them to the user’s rclone destination.

Install only if you intentionally want full remote backups of OpenClaw. Before scheduling it, verify the rclone path, use a private encrypted destination where possible, consider running with --include-credentials false and disabling memory or workspace backups if not needed, and remember that the cron example will keep sending backups until removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill’s documentation materially understates what is backed up: it includes highly sensitive data such as credentials, memory, workspace contents, and agent configurations, not just 'overall configuration'. This can mislead operators into exporting secrets and private data to remote storage they may treat as lower sensitivity, increasing the risk of large-scale data exposure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script is explicitly designed to archive and upload highly sensitive OpenClaw data, including memory, workspace contents, agents, and credentials, to an arbitrary rclone remote. There is no explicit privacy warning, encryption requirement, redaction, or confirmation step, so operators may unintentionally exfiltrate secrets and personal data to third-party storage or misconfigured destinations.

Missing User Warnings

High
Confidence
98% confidence
Finding
`INCLUDE_CREDENTIALS=true` causes secrets in `/root/.openclaw/credentials` to be included by default in every backup. Because the archive is then uploaded to any configured remote backend, a mistaken configuration, compromised remote, or overly broad access to the backup store can directly expose authentication material and enable downstream compromise.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script performs `rclone copy` to a user-supplied remote path without a visible interactive notice that the archive is being transmitted off-host. In this skill's context, the backup contents can include sensitive operational and secret data, so silent network transfer materially increases the chance of accidental data disclosure.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal