Soul Transfer

Security checks across malware telemetry and agentic risk

Overview

This local migration skill is not malicious, but it creates and restores a high-value archive containing live credentials, sessions, memory, and workspace data with incomplete safeguards.

Install only if you intentionally want a full local clone of an OpenClaw agent. Treat every backup as containing live API keys, login sessions, personal memory, and workspace files; store it encrypted, do not share it, inspect archive contents before restore, and keep an independent backup because the documented safety features are incomplete.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium (86% confidence)
Using a common word like "backup" as a trigger increases the chance of accidental invocation during ordinary conversation. In this skill, accidental activation is more dangerous than usual because the operation targets broad filesystem content including credentials, sessions, and personal memory for packaging into a portable archive.

Missing User Warnings

High (98% confidence)
The skill explicitly includes .env, credentials, tokens, sessions, databases, and user memory in a portable ZIP, but the documentation does not present this with a strong, prominent warning proportional to the sensitivity. That makes accidental exfiltration, insecure storage, or unsafe sharing much more likely because users may treat the backup as routine rather than highly sensitive secret material.

Missing User Warnings

Medium (88% confidence)
The procedure instructs users to replace existing state with backup contents using moves and extraction steps, which can overwrite or orphan current configuration and workspace data. Although there is a later note about overwritten directories and a safety backup step, the destructive actions are not clearly flagged inline where they occur, increasing the chance of accidental data loss during execution.

Missing User Warnings

Medium (93% confidence)
The rollback block includes a recursive deletion command that permanently removes the restored state before recovery. Without an inline warning or validation of the target path, a user could execute it incorrectly or misunderstand the consequences, causing irreversible loss of data.

Ssd 3

High (99% confidence)
The skill directs comprehensive collection and packaging of credentials, sessions, tokens, databases, and user-related memory into a single portable archive. This materially concentrates sensitive data and enables easy transfer of authenticated state to another environment, increasing the impact of theft, misuse, or accidental disclosure.

Ssd 3

High (99% confidence)
The statement that API keys are stored in the backup and "work immediately in new environment" normalizes transfer of live credentials between systems. That creates a high-value archive that can be used for unauthorized access if copied, stolen, or restored onto an untrusted host.

Ssd 3

Medium (91% confidence)
The post-restore verification prompts instruct the agent to disclose private identity, owner, and relationship-context memory to validate restoration. This encourages exposure of sensitive personal information in plain conversation or logs, especially if verification occurs in shared terminals, chat channels, or recorded sessions.

VirusTotal

VirusTotal findings are pending for this skill version.
