Complete Agent Backup

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent backup tool, but it handles credentials and agent state while overclaiming implemented safeguards and leaving restore-time safety gaps.

Install only if you need full agent backups and are comfortable managing archives that may contain API keys, bot tokens, sessions, memories, skills, and credentials. Use encryption before any cloud upload, restore only backups you trust, avoid --force unless necessary, and treat the current restore implementation as needing fixes for archive validation and decrypted temporary-file cleanup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises shell-driven backup, restore, scheduling, cloud setup, and service operations but does not declare corresponding permissions. In an agent ecosystem, undeclared shell capability reduces transparency and can cause users or policy engines to approve a skill without understanding that it can read, archive, overwrite, and transmit sensitive local data.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The description claims optional encryption, cloud storage, incremental backups, integrity verification, and a web UI, while the analysis indicates some of these are unimplemented and restore may overwrite installations, stop services, and back up highly sensitive secrets. This mismatch is dangerous because operators may trust safeguards that do not actually exist and may trigger destructive restore or secret-handling behavior without informed consent.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The example trigger phrase, 'Create a backup of my agent,' is broad natural language that could plausibly appear in ordinary conversation, making accidental invocation more likely. In a backup skill, unintended execution can collect secrets, create archives of private conversations, or initiate cloud upload workflows the user did not mean to start.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
Restore operations that overwrite existing agent data are destructive, and the documentation does not prominently warn about that risk. In this context, restore can replace configuration, sessions, memories, skills, and credentials, leading to data loss, service interruption, or rollback to compromised state if used on an untrusted backup.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script uploads the produced archive to cloud storage whenever --cloud-upload is set, but the archive explicitly contains secrets such as .env files, auth.json, tokens, credentials, and session data. Although the script warns earlier that the archive contains credentials, there is no confirmation or policy check at the actual upload step, so sensitive data can be exfiltrated to third-party storage accidentally or without encryption.

VirusTotal

63/63 vendors flagged this skill as clean.