Openclaw Backup

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate OpenClaw backup tool, but it needs review because it copies API-key credentials and can permanently delete old backup folders without strong safeguards.

Review this before installing if your OpenClaw setup contains API keys or important historical backups. Use a dedicated private backup directory, avoid shared or cloud-synced locations unless encrypted, verify the old-backup path is not a broad folder such as home or root, and review config.sh before repeated or scheduled runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding:
The script backs up highly sensitive material including credentials and identity data into a general backup location without any explicit warning, consent step, or protection mechanism. In the context of a backup skill, this increases the chance that users will unknowingly create plaintext copies of secrets that could later be exposed through filesystem access, sync tools, or insecure sharing.

Missing User Warnings

Medium
Confidence: 84%
Finding:
The script permanently deletes old backups with rm -rf once a size threshold is exceeded, without any confirmation, dry-run mode, or safety checks beyond directory existence. For a backup tool, silent destructive cleanup undermines recovery guarantees and can cause irreversible data loss if paths are misconfigured or retention values are incorrect.

VirusTotal

64/64 vendors flagged this skill as clean.
