self-backup

Security checks across malware telemetry and agentic risk

Overview

This backup skill is transparent about sending OpenClaw workspace state to GitHub, but it handles sensitive memory/profile files and remote git writes with too little scoping and confirmation.

Install only if you are comfortable sending your OpenClaw workspace state, including memory and profile-style files, to the configured GitHub repository. Use a private repo at minimum, review the exact file list before each run, avoid force-push mode unless you intend to overwrite history, and consider excluding or encrypting MEMORY.md, SOUL.md, USER.md, logs, credentials, and other free-form notes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly instructs users to back up highly sensitive workspace content including personal profile data, memory logs, and behavioral/configuration files to GitHub, but it does not provide a prominent warning about the privacy implications of transmitting this data to a third-party service. Even if the repository is intended to be private and some tokens are sanitized, these files can still contain sensitive personal information, operational context, or secrets that are not covered by the stated redaction.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script clones a remote repository and later pushes copied workspace content to it without an explicit confirmation gate or a clear preflight summary of what will leave the machine. In a backup skill context, this can cause users to unintentionally exfiltrate sensitive workspace files, scripts, memory notes, and metadata to a remote GitHub repository they may have misconfigured or not fully reviewed.

Missing User Warnings

Medium
Confidence: 95%
Finding
Supporting git push --force without a separate confirmation step enables destructive overwrite of the remote repository history and contents. In a backup tool, this is particularly risky because users may expect preservation semantics, but a misused or automated invocation can erase prior backups or overwrite a legitimate remote state.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script writes a persistent executable configuration file to disk without clearly warning the user or asking for confirmation. While the values written here are not highly sensitive by themselves, silently creating files in the project tree can surprise users, overwrite existing configuration, or normalize unsafe handling of local configuration state.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: self-backup
description: Backup important OpenClaw workspace files to a GitHub repository. Use when: (1) user wants to backup workspace configuration, (2) sync OpenClaw settings to GitHub, (3) preserve automation scripts and personal configuration, (4) create remote backup of AGENTS.md, SOUL.md, MEMORY.md, and other workspace files. Configurable for any GitHub repository.
---

# Self Backup
Confidence: 92%
Finding
create remote backup of AGENTS.md, SOUL.md, MEMORY.md, and other workspace files. Configurable for any GitHub repository. --- # Self Backup Backup critical OpenClaw workspace files to your GitHub re

VirusTotal

62/62 vendors flagged this skill as clean.
