iScandium OpenClaw Samba Backup

Security checks across malware telemetry and agentic risk

Overview

This is a real Samba backup skill, but it asks users to store local admin credentials and can automatically copy sensitive OpenClaw data to a remote share with privileged cleanup.

Review before installing. Use only if you trust the publisher and the Samba destination, and assume the default backup may include sensitive OpenClaw files. Prefer a least-privilege Samba account, a preconfigured mount or narrow sudoers rule instead of storing an admin password, restricted permissions on config files, explicit exclusions for secrets, and a manual test run before enabling cron.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (8)

Context-Inappropriate Capability

High

Confidence: 98% confidence
Finding: The script reads a local admin password from configuration and repeatedly pipes it into `sudo -S` to perform privileged mount, copy, unmount, and deletion operations. That gives the skill host-level privilege well beyond ordinary file backup needs, and exposes a highly sensitive credential in plaintext configuration and process flows.

Intent-Code Divergence

Medium

Confidence: 90% confidence
Finding: The header describes a simple `cp`-based backup, but the script actually performs privileged mount/unmount actions and destructive cleanup with `rm -rf`. This mismatch can mislead reviewers and operators into granting trust or permissions they would not approve if the full behavior were disclosed.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill explicitly states that backups execute automatically without step-by-step confirmation, while the documented workflow involves transmitting user data to a remote Samba share and using stored credentials. In this context, the lack of an explicit warning or confirmation increases the risk of unintended data exfiltration, misuse of privileged credentials, or accidental backup to an incorrect remote host.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The script extracts Samba and local admin credentials directly from plaintext JSON without any warning, secure storage control, or masking. This increases the chance of credential leakage through file disclosure, backups, logging, or accidental sharing of the skill package.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The script begins privileged filesystem operations without any confirmation, dry-run mode, or explicit warning that it will mount/unmount paths and later delete old backups. In a skill context, that makes accidental execution more dangerous because users may expect a routine backup, not host-level changes.

Sudo/Root Execution

Medium

Category: Privilege Escalation
Content: | `target_share_username` | Samba 用户名 | | `target_share_password` | Samba 密码 | | `source_admin_username` | 本服务器管理员用户名 | | `source_admin_password` | 管理员密码（sudo 用） | | `max_backups` | 保留备份数量（默认 7） | | `source_dir` | 备份源路径（默认 ~/.openclaw） | | `target_folder` | 目标文件夹名（默认 hostname） |
Confidence: 93% confidence
Finding: sudo

Sudo/Root Execution

Medium

Category: Privilege Escalation
Content: "source_admin_username": { "type": "string", "title": "本服务器管理员用户名", "description": "用于执行 sudo 挂载操作的管理员账户" }, "source_admin_password": { "type": "string",
Confidence: 91% confidence
Finding: sudo

Sudo/Root Execution

Medium

Category: Privilege Escalation
Content: "source_admin_password": { "type": "string", "title": "本服务器管理员密码", "description": "管理员密码，用于 sudo 挂载和执行 cp", "format": "password" }, "max_backups": {
Confidence: 95% confidence
Finding: sudo

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal