ClawHub

Openclaw Backup 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This backup-and-restore skill is purpose-aligned, but it handles the full OpenClaw state, including secrets, and gives destructive restore commands without enough safety guidance.

Review this before installing if you rely on OpenClaw credentials or local agent state. Treat any backup produced by this skill as sensitive, store it encrypted or access-restricted, verify paths before restore, and do not run the destructive restore commands unless you have confirmed the backup is valid and you can recover the current ~/.openclaw directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs users to back up highly sensitive material including credentials, tokens, session data, and user files, but provides no warning about securing the archive or the destructive nature of restore steps. This can lead to secret exposure through poorly protected backup files and accidental data loss when replacing the existing ~/.openclaw directory during restore.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The restore and rollback instructions include destructive operations (`mv ~/.openclaw ~/.openclaw-old` and `rm -rf ~/.openclaw`) without explicit warnings about data loss, overwrite behavior, or prerequisite validation. In a backup/restore skill, users are likely to copy-paste commands directly, so missing safeguards can lead to accidental deletion of the active state or loss of the only recoverable copy if paths or steps are mistyped.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal