Back to skill

Security audit

OpenClaw 备份还原工具

Security checks across malware telemetry and agentic risk

Overview

This is a local OpenClaw backup and restore helper whose sensitive file access matches its stated purpose.

Install only if you want local backups of OpenClaw state. Keep the backup folder private because it may contain memory, profile, tools, and configuration data, and verify the selected backup before restoring because it can replace current OpenClaw files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents restore and restart actions as simple one-command operations but does not warn that restore can overwrite current configuration/data and restart can interrupt service availability. In a backup/restore skill aimed at less technical users, this omission increases the chance of accidental destructive actions or downtime during normal use.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.