Restic Home Backup (Safe Apply Mode)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent restic backup skill, but its root-level setup script accepts raw configuration values that can later be interpreted as shell commands.

Review or fix the bootstrap script before running it with sudo and --apply. Use only trusted, simple repository and password-file values, avoid shell metacharacters or newlines, inspect /etc/restic-home.env before enabling timers, confirm the repository and retention policy, and perform a restore test before relying on automated backups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill directs the agent to perform shell-based installation, validation, and systemd automation tasks, including writing to privileged paths, but it does not declare permissions or clearly constrain execution scope. This mismatch can cause an agent platform or reviewer to underestimate the skill's capabilities, increasing the chance of unintended command execution or privileged changes.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding:
The skill's stated purpose is restic home-directory backup setup and operations, but it also instructs the agent to package and publish via ClawHub CLI. That scope expansion introduces software supply-chain and registry interaction capabilities unrelated to the backup task, which broadens the attack surface and could lead to unauthorized publication or propagation of unsafe content.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding:
Including ClawHub packaging/publishing in a backup skill is unjustified by the operational need of configuring restic backups. Unnecessary publication functionality creates avoidable risk by enabling external distribution actions that could be abused to publish altered skills or leak implementation details to external systems.

VirusTotal

64/64 vendors flagged this skill as clean.
