EVEZ Backup Sync
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: evez-backup-sync
Version: 1.0.0
The skill implements an automated backup system that exfiltrates the entire agent workspace and internal state to Git and Supabase. A significant red flag is found in `evez_backup_sync.py`, which hardcodes attempts to push data to non-standard Git remotes named `evez666` and `advancement`. While these actions are framed as a 'backup' service, the automated exfiltration of the full workspace directory and internal 'consciousness' states to specific, potentially external targets poses a high risk of data leakage if those remotes are pre-configured or redirected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can reach the port may be able to force commits and pushes, write data to Supabase, or trigger backups using the user's environment.
The server listens on all interfaces, allows cross-origin access, and directly exposes mutating backup/git/Supabase actions without any visible authentication or approval check.
self.send_header("Access-Control-Allow-Origin", "*") ... elif p == "/api/git/push": self._j(git_commit_push(b.get("message"))) ... elif p == "/api/supabase": self._j(supabase_backup(...)) ... s = HTTPServer(("0.0.0.0", args.port), BackupHandler)
Bind only to 127.0.0.1 by default, add authentication/authorization, remove broad CORS, and require explicit user confirmation for git push and cloud-write operations.
Private workspace files or secrets could be pushed to a GitHub remote or backed up to Supabase if the configured credentials permit it.
The code uses ambient Git remotes/credentials and optional Supabase credentials to push or write data, but the scope of those credentials, remotes, and tables is not clearly bounded.
subprocess.run(["git", "add", "-A"], cwd=str(WORKSPACE)...) ... for remote in ["advancement", "origin", "evez666"]: ... ["git", "push", remote, "main"] ... key = os.environ.get("SUPABASE_KEY", "")
Declare required credentials, restrict to an explicit user-selected remote/table, use least-privilege tokens, add secret/path exclusions, and provide a dry-run review before committing or uploading.
A reachable caller could inject misleading memories for future use or retrieve remembered content that may contain sensitive context.
Persistent memory can be saved and searched through the HTTP API, with fallback storage in the workspace and no visible authentication or per-user boundary.
elif p == "/api/mem0/save": self._j(mem0_save(...)) ... elif p == "/api/mem0/search": self._j({"results": mem0_search(...)}) ... path = STATE_DIR / "mem0_fallback.json"
Protect memory endpoints with authentication, isolate memory by user/workspace, validate saved content, define retention/deletion controls, and avoid storing memory inside paths that may be git-pushed.
Users must manually ensure the correct packages are installed and trusted before enabling Supabase or mem0 functionality.
The skill imports optional third-party packages, while the provided artifacts include no install spec, pinned dependency versions, or provenance details for those packages.
from supabase import create_client ... from mem0 import Memory
Provide a pinned requirements file or install spec and clearly document which optional integrations are needed for each feature.
A user may incorrectly rely on automatic timed backups that are not implemented by the included script alone.
The documentation claims scheduled automatic backups, but the provided source mainly exposes HTTP endpoints and a long-running server; no scheduler for those intervals is evident in the supplied code.
Git auto-commit and push — Every 5 minutes ... Full state snapshots ... every 15 minutes
Clarify whether an external scheduler is required or implement the documented schedule in code.
