openclaw-crm

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill is classified as suspicious because of a critical weakness in its `backup` command (`src/cli.js` and `src/backup.js`). The `--output <path>` option of `crm backup` is passed through unchecked, so an attacker who can steer the agent (for example through prompt injection) can supply an arbitrary absolute or traversal path. The skill then writes the database backup files (`.db`, `.db-wal`, `.db-shm`) wherever that path points, limited only by the filesystem permissions of the process running the skill. The finding cites `/etc/passwd.db` and `/etc/cron.d/malicious_job.db` as example targets. Note that the skill appends the fixed backup suffixes itself, so the attacker controls the directory and the file stem but not the extension: an existing file such as `/etc/passwd` is not overwritten, but the backup contents can be dropped into any writable directory under an attacker-chosen name. The skill shows no malicious intent of its own; the arbitrary file write is a design flaw that a manipulated agent could use as a step toward broader compromise.