Healthy Backup

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate OpenClaw backup helper, with disclosed sensitive-file handling that users should configure carefully.

Before installing, run with --dry-run, choose the smallest backup tier that meets your recovery needs, keep backup.key at mode 600 (chmod 600) and out of cloud or shared folders, verify that the backup root is private, and do not rely on the stale checksum block in SKILL.md without comparing it against trusted package metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The setup flow offers to create and persist the backup encryption password in a local file, but it does not clearly warn the user that this writes a long-lived secret to disk. Storing the decryption key on the same system as the backups weakens the protection model: any attacker who later gains access to the account can potentially recover both the encrypted backups and the key.

Credential Access

Severity: High
Category: Privilege Escalation
Content:
| What | Why | Sensitive? |
|------|-----|-----------|
| `~/.openclaw/openclaw.json` | Load config + stage (scrubbed copy) | Sensitive fields redacted before staging |
| `~/.openclaw/shared/secrets/openclaw-secrets.env` | Extract variable *names* for manifest | Values never written; file never copied |
| `~/.openclaw/credentials/backup.key` | Load encryption password | Read into memory only; file excluded from rsync |
| `~/.openclaw/` (migratable+) | rsync to staging | Secrets paths hard-excluded |
| Workspace + skills dirs (full tier) | rsync to staging | Secrets paths hard-excluded |
Confidence: 71%
Finding:
secrets.env

VirusTotal

66/66 vendors flagged this skill as clean.
