Back to skill
Skillv2.0.0
VirusTotal security
myclaw-backup · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:52 AM
- Hash
- e4fb9d8f87feab3d6aebaf3d210e994dcc53abc9ad39562509eac7b0c52285e8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: myclaw-backup Version: 2.0.0 The 'myclaw-backup' skill provides functionality to archive and restore sensitive OpenClaw data, including API keys, bot tokens, and session history. It utilizes high-risk capabilities such as a network-accessible Node.js HTTP server (server.js), shell execution for backup/restore operations (backup.sh, restore.sh), and crontab modification for persistence (schedule.sh). While the skill includes significant security mitigations—such as mandatory token authentication, localhost-only restrictions for execution endpoints, and path sanitization—the broad access to system secrets and the capability to expose them via a network port align with the provided criteria for a suspicious classification.
- External report
- View on VirusTotal