Backup 2 Github

Security checks across malware telemetry and agentic risk

Overview

This is a plausible OpenClaw-to-GitHub backup tool, but it can upload sensitive agent memory/profile/configuration data to GitHub and has unsafe scoping defaults users should review first.

Install only after setting your own private GitHub repository and a fine-grained token limited to that repo. Run dry-run first, review the exact file list, avoid backing up credentials or cookies unless encrypted, and treat restore as high impact because it can overwrite OpenClaw memory and configuration.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly offers backing up `credentials/*.json` to a GitHub repository, which creates a real risk of transmitting secrets or session material to a remote service. Even with a private repository, secrets can be exposed through repository compromise, token misuse, accidental sharing, or overly broad retention, and the warning in the skill is too weak for the sensitivity of this data.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script is designed to upload highly sensitive local files such as identity, memory, user profile, tool configuration, and cron/job data to a GitHub repository, with a default remote destination and no strong warning, sensitivity review, encryption, or private-repo enforcement. In an agent/workspace context, these files can contain secrets, personal data, operational details, or credentials, so accidental backup to an unintended or public repository could result in significant data exposure.

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The manifest explicitly states that personalized configuration and user data will be backed up to GitHub, but it provides no user-facing warning, consent language, or privacy constraints. This can lead to unintentional transmission of sensitive information to a third-party service, increasing the risk of privacy violations, credential leakage, or accidental publication if repositories are misconfigured.

Vague Triggers

Low

Confidence: 73% confidence
Finding: The listed capabilities are broad and underspecified, with no indication of when backup or restore actions may be invoked or what guardrails apply. In a skill that can move user data to and from GitHub, vague trigger scope raises the chance of unintended activation, overbroad operation, or user confusion about when sensitive actions occur.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal