Back to skill
Skillv1.0.0
VirusTotal security
Openclaw Backup · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:12 AM
- Hash
- 9978ddc882b65c7669363d124095c463bd310eaeff5bd33645670ea35a44732a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: halaoluan-openclaw-backup Version: 1.0.0 The skill provides functional backup and encryption utilities for OpenClaw data but is classified as suspicious due to high-risk system interactions and a cryptographic implementation flaw. It accesses sensitive directories (~/.openclaw) containing API keys and session tokens, and it modifies system persistence by installing a cron job via 'scripts/setup_cron.sh'. Furthermore, 'scripts/backup_encrypted.sh' insecurely passes the encryption password as a command-line argument to openssl, which exposes the secret to other users or processes on the system via the process list. While these behaviors align with the stated purpose of a backup tool, they represent significant security risks.
- External report
- View on VirusTotal