ClawHub

Backup Recovery Toolkit

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine backup and restore toolkit, but it needs Review because its restore path can overwrite files and extract unsafe archives without enough safeguards.

Review before installing. Use a virtual environment or lockfile with pinned dependency versions, do not restore untrusted tar archives, restore into a staging directory first, verify source and destination paths carefully, and use least-privilege database credentials instead of root or production admin accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (18)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The backup and restore examples can modify or overwrite user data, but the documentation does not warn about destructive outcomes from incorrect source, destination, or backup paths. In a backup/recovery context this is materially dangerous because users may run commands against production data and accidentally overwrite current files or restore into the wrong location.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The Python API example embeds a plaintext database password directly in sample code without guidance on secure secret handling. This encourages insecure copy-paste practices, increasing the chance that credentials are hardcoded into scripts, committed to source control, or exposed in logs and shared environments.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The database backup routines handle plaintext credentials and pass them to external processes via command-line arguments or environment variables. This can expose secrets through process listings, crash dumps, child-process inheritance, logs, or other local inspection paths, especially on shared systems.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The restore logic extracts tar archives with tar.extractall(destination) without validating member paths, enabling path traversal via malicious archive entries. An attacker can craft a backup containing absolute paths or ../ segments to overwrite files outside the intended restore directory, which is especially dangerous in a backup/restore context where archives may be treated as trusted.

Unpinned Dependencies

Low
Category
Supply Chain
Content
schedule>=1.2.0
psutil>=5.9.6
pymysql>=1.1.0
psycopg2-binary>=2.9.9
Confidence
97% confidence
Finding
schedule>=1.2.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
schedule>=1.2.0
psutil>=5.9.6
pymysql>=1.1.0
psycopg2-binary>=2.9.9
pymongo>=4.6.0
Confidence
98% confidence
Finding
psutil>=5.9.6

Unpinned Dependencies

Low
Category
Supply Chain
Content
schedule>=1.2.0
psutil>=5.9.6
pymysql>=1.1.0
psycopg2-binary>=2.9.9
pymongo>=4.6.0
paramiko>=3.3.1
Confidence
98% confidence
Finding
pymysql>=1.1.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
schedule>=1.2.0
psutil>=5.9.6
pymysql>=1.1.0
psycopg2-binary>=2.9.9
pymongo>=4.6.0
paramiko>=3.3.1
cryptography>=41.0.7
Confidence
97% confidence
Finding
psycopg2-binary>=2.9.9

Unpinned Dependencies

Low
Category
Supply Chain
Content
psutil>=5.9.6
pymysql>=1.1.0
psycopg2-binary>=2.9.9
pymongo>=4.6.0
paramiko>=3.3.1
cryptography>=41.0.7
pytest>=7.4.0
Confidence
98% confidence
Finding
pymongo>=4.6.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pymysql>=1.1.0
psycopg2-binary>=2.9.9
pymongo>=4.6.0
paramiko>=3.3.1
cryptography>=41.0.7
pytest>=7.4.0
pytest-cov>=4.1.0
Confidence
99% confidence
Finding
paramiko>=3.3.1

Unpinned Dependencies

Low
Category
Supply Chain
Content
psycopg2-binary>=2.9.9
pymongo>=4.6.0
paramiko>=3.3.1
cryptography>=41.0.7
pytest>=7.4.0
pytest-cov>=4.1.0
Confidence
99% confidence
Finding
cryptography>=41.0.7

Unpinned Dependencies

Low
Category
Supply Chain
Content
pymongo>=4.6.0
paramiko>=3.3.1
cryptography>=41.0.7
pytest>=7.4.0
pytest-cov>=4.1.0
Confidence
94% confidence
Finding
pytest>=7.4.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
paramiko>=3.3.1
cryptography>=41.0.7
pytest>=7.4.0
pytest-cov>=4.1.0
Confidence
94% confidence
Finding
pytest-cov>=4.1.0

Known Vulnerable Dependency: pymysql — 1 advisory(ies): CVE-2024-36039 (PyMySQL SQL Injection vulnerability)

Critical
Category
Supply Chain
Confidence
88% confidence
Finding
pymysql

Known Vulnerable Dependency: pymongo — 3 advisory(ies): CVE-2024-5629 (PyMongo Out-of-bounds Read in the bson module ); CVE-2013-2132 (Use of NullPointerException Catch to Detect NULL Pointer Dereference in Pymongo); CVE-2013-2132 (bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before 2.5.2, as u)

High
Category
Supply Chain
Confidence
85% confidence
Finding
pymongo

Known Vulnerable Dependency: paramiko — 10 advisory(ies): CVE-2018-7750 (Paramiko not properly checking authentication before processing other requests); CVE-2023-48795 (Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terr); CVE-2018-1000805 (Paramiko Authentication Bypass vulnerability) +7 more

Critical
Category
Supply Chain
Confidence
90% confidence
Finding
paramiko

Known Vulnerable Dependency: cryptography — 10 advisory(ies): GHSA-39hc-v87j-747x (Vulnerable OpenSSL included in cryptography wheels); CVE-2023-50782 (Python Cryptography package vulnerable to Bleichenbacher timing oracle attack); GHSA-5cpq-8wj7-hf2v (Vulnerable OpenSSL included in cryptography wheels) +7 more

High
Category
Supply Chain
Confidence
87% confidence
Finding
cryptography

Known Vulnerable Dependency: pytest — 1 advisory(ies): CVE-2025-71176 (pytest has vulnerable tmpdir handling)

Low
Category
Supply Chain
Confidence
72% confidence
Finding
pytest

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal