Back to skill
Skillv1.0.2
VirusTotal security
Restic Home Backup · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:06 AM
- Hash
- 7e01e26744bc715d6616247137c6a2444b717f39b0c1d6818c60e15d78c69dcf
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: restic-home-backup Version: 1.0.2 The skill bundle is classified as suspicious due to several critical shell injection and path traversal vulnerabilities in `scripts/bootstrap_restic_home.sh`. User-provided inputs for `--repo`, `--password-file`, `--user`, and `--timezone` are not adequately sanitized before being written into configuration files or used in commands. This could allow a malicious actor to achieve arbitrary command execution (e.g., via crafted `--repo` value), manipulate arbitrary files (via `--password-file`), or alter the backup scope (via `--user`). While the `SKILL.md` defines good safety boundaries and the script implements an `--apply` mechanism, these vulnerabilities represent significant risks without clear evidence of intentional malicious design.
- External report
- View on VirusTotal