Restic Home Backup

Security checks across malware telemetry and agentic risk

Overview

This backup skill is mostly coherent, but its root-run setup script can turn malformed repository or path inputs into privileged command execution or unsafe file writes.

Review before installing. Run only in plan mode first, avoid untrusted or generated values for --repo, --password-file, --user, and --timezone, inspect /etc/restic-home.env before enabling services, and use a dedicated restic repository before enabling the prune timer. The skill does not look intentionally malicious, but it needs hardening before root-level use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The skill clearly instructs shell-based system operations such as creating files under /etc and /usr/local/bin, initializing backups, and managing systemd units, yet no permissions are declared. This creates a trust and enforcement gap: a host platform may not correctly constrain or warn about the skill's capability to perform privileged filesystem and service-management actions.

Credential Access

High
Category
Privilege Escalation
Content
cat >/usr/local/bin/restic-home-backup.sh <<'EOF'
#!/usr/bin/env bash
set -euo pipefail
source /etc/restic-home.env
exec /usr/bin/restic backup "$BACKUP_SOURCE" --exclude-file "$EXCLUDES_FILE"
EOF
chmod 755 /usr/local/bin/restic-home-backup.sh
Confidence
78% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
cat >/usr/local/bin/restic-home-prune.sh <<'EOF'
#!/usr/bin/env bash
set -euo pipefail
source /etc/restic-home.env
exec /usr/bin/restic forget --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune
EOF
chmod 755 /usr/local/bin/restic-home-prune.sh
Confidence
78% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
cat >/usr/local/bin/restic-home-check.sh <<'EOF'
#!/usr/bin/env bash
set -euo pipefail
source /etc/restic-home.env
exec /usr/bin/restic check
EOF
chmod 755 /usr/local/bin/restic-home-check.sh
Confidence
78% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
fi

if [[ "$INIT_REPO" == "yes" ]]; then
  source /etc/restic-home.env
  if ! /usr/bin/restic snapshots >/dev/null 2>&1; then
    /usr/bin/restic init
  fi
Confidence
80% confidence
Finding
.env

VirusTotal

65/65 vendors flagged this skill as clean.
