ClawHub

claw-backup

Security checks across malware telemetry and agentic risk

Overview

This is a local OpenClaw backup-and-restore skill with real sensitive-data risks, but the behavior is disclosed, purpose-aligned, and user-directed.

Install only if you are comfortable creating unencrypted local ZIP backups of your OpenClaw workspace. Keep backups private or encrypt them separately, and restore only archives you trust because restore can replace memory, configuration, tools, and installed skills.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill documentation describes reading numerous workspace files and directories, including sensitive items like memory, identity, agent, tool, and config files, but it does not declare corresponding permissions. Undeclared file-read capability is dangerous because it hides the true data-access scope from users and reviewers, reducing informed consent and increasing the chance of unauthorized exposure of sensitive workspace contents.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is presented primarily as a backup tool, but the documentation also exposes restore, overwrite, backup discovery, and archive-preview behaviors that materially expand its authority and risk profile. This mismatch is dangerous because users may invoke it expecting a read-only export action, while the restore path can modify existing workspace files and potentially cause destructive changes or unsafe handling of untrusted archives.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal