ClawHub

Config Rollback

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenClaw configuration rollback helper, but it installs a persistent cron task that can automatically restore the OpenClaw config and restart the gateway.

Install only if you want a persistent cron job checking OpenClaw rollback state every minute. Review the exact crontab entry, know that it can overwrite ~/.openclaw/openclaw.json from a backup and restart the gateway after timeout, and remove the rollback-guardian cron entry when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • YARA SignaturesMalware Match, Webshell Match, Cryptominer Match
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly instructs users to execute shell commands and relies on shell scripts, yet the metadata only declares a binary requirement and does not transparently declare the effective shell capability. This weakens permission transparency and reviewability, increasing the chance that users enable a skill without understanding that it can modify local configuration and automation state.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose emphasizes config rollback, but the skill also persists a cron job, appends verification records, provides shell helpers, and invokes gateway control commands. This mismatch is dangerous because it obscures persistent system changes and operational control beyond what a user may reasonably expect from a rollback utility.

Session Persistence

Medium
Category
Rogue Agent
Content
3. **设置 Cron**
   ```bash
   (crontab -l 2>/dev/null | grep -v "rollback-guardian"; echo "*/1 * * * * ~/.openclaw/workspace/skills/config-rollback/scripts/rollback-guardian.sh") | crontab -
   ```

4. **验证**
Confidence
95% confidence
Finding
crontab -l

Session Persistence

Medium
Category
Rogue Agent
Content
# 4. 设置 Cron
echo ""
echo "⏰ 设置 Cron 守护任务..."
(crontab -l 2>/dev/null | grep -v "rollback-guardian"; echo "*/1 * * * * $OPENCLAW_DIR/scripts/rollback-guardian.sh") | crontab -
echo "   ✅ Cron 任务已添加"

# 5. 验证
Confidence
92% confidence
Finding
crontab -l

YARA rule 'backdoor_persistence': Backdoor persistence with malicious payloads (shell commands, SSH key injection, hidden root users) [malware]

High
Category
YARA Match
Content
(crontab -l 2>/dev/null | grep -v "rollback-guardian"; echo "*/1 * * * * $OPENCLAW_DIR/scripts/rollback-guardian.sh") | crontab -
echo "   ✅ Cron 任务已添加"

# 5. 验证
echo ""
echo "🔍 验证安装..."
if [ -x "$OPENCLAW_DIR/scripts/prepare-config-change.sh" ]; then
Confidence
95% confidence
Finding
crontab -l 2>/dev/null | grep -v "rollback-guardian"; echo "*/1 * * * * $OPENC

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal