Clawdog Backup

Pass

Audited by VirusTotal on May 14, 2026.

Findings (1)

The OpenClaw skill provides legitimate backup and restore functionality for core OpenClaw files and memory to OneDrive. However, the `scripts/restore.sh` script is vulnerable to a path traversal/tarbomb attack. When restoring from a user-specified local source (`--source`), the `tar -xzf` command extracts the archive to a temporary directory. A malicious archive could contain paths designed to write files outside this temporary directory during extraction, potentially leading to arbitrary file writes on the system. While the `cp -n` commands mitigate the final copy step, the initial extraction itself poses a risk.