ClawHub

myclaw-backup

Security checks across malware telemetry and agentic risk

Overview

This appears to be a genuine backup/restore skill, but it deserves Review because it handles full OpenClaw secrets and persistent state while under-declaring some filesystem and cron behavior and silently pruning old backups.

Install only if you trust this publisher with the full contents of your OpenClaw instance, including API keys, bot tokens, credentials, sessions, memory, and installed skills. Keep the HTTP server local when possible, use a strong token and TLS for any network exposure, protect backup archives, run restore dry-runs first, and be aware that scheduled backups modify crontab and old backup archives may be pruned automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Scope Creep

Medium
Confidence
94% confidence
Finding
The documented behavior exceeds the declared permission scope: backups are written to locations like `/tmp/openclaw-backups/`, downloads/uploads operate on archive files outside `~/.openclaw`, and scheduling modifies the user's crontab. This creates a trust mismatch where operators may rely on the manifest while the skill's actual behavior touches broader filesystem and persistence surfaces.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script automatically deletes older backup archives once more than seven exist, without an explicit opt-in or dry-run mode. In a backup tool handling disaster recovery data, silent retention pruning can cause irreversible data loss and may remove the only clean snapshot available after compromise or corruption.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal