Time Clawshine — OpenClaw Time Machine

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed local backup and restore skill with high system access, but its behavior is purpose-aligned and external sharing is off by default.

Before installing, review the configured backup paths because snapshots may include secrets from OpenClaw memory, sessions, and configs. Run `setup.sh --dry-run` first, back up the restic password file separately, and only disable `privacy.local_only` or use restore-to-root, prune, or `uninstall --purge` after confirming the data and system impact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 85%
Finding
The documentation is internally inconsistent about when Telegram notifications are sent: earlier sections describe daily digests and possibly non-failure notifications, while later text says Telegram fires only on failure. Misleading security/privacy documentation can cause users to enable integrations under false assumptions, potentially leaking operational metadata or backup-health information externally.

Missing User Warnings

Medium
Confidence: 88%
Finding
The guide presents the destructive `uninstall.sh --purge` command directly after noting it is irreversible, but it does not require a separate explicit confirmation step, a typed acknowledgement, or a preview of exactly what will be deleted. In an interactive agent setup flow, users may follow suggested commands quickly, so this increases the chance of accidental permanent deletion of backup repositories and password files.

VirusTotal

64/64 vendors flagged this skill as clean.
