Back to skill
Skillv1.0.0
VirusTotal security
Restic Home Backup (Safe Apply Mode) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:06 AM
- Hash
- 82dcfd0902afa7478886ba6265a7872e8e7834746d7c21f900e32dc8dcb22ab5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: restic-home-backup-safe Version: 1.0.0 The skill bundle is designed for a legitimate purpose (restic home backups) and implements strong safety boundaries, notably requiring an explicit `--apply` flag for system changes, as documented in SKILL.md. However, the `scripts/bootstrap_restic_home.sh` script directly uses user-provided inputs like `--user` (for `USER_NAME`) and `--timezone` (for `TIMEZONE`) in path constructions and systemd unit files without explicit sanitization. While the script's intent is benign, this lack of input validation presents a vulnerability that could potentially be exploited via prompt injection against the AI agent, leading to path traversal or command injection if malicious inputs are crafted for these parameters and downstream commands are not sufficiently robust.
- External report
- View on VirusTotal