OC Backup

Security checks across malware telemetry and agentic risk

Overview

This is a local OpenClaw backup tool that openly copies sensitive OpenClaw files, so it should be handled carefully but does not show hidden or malicious behavior.

Install only if you intentionally want local OpenClaw backups. Run `--dry-run` first, avoid broad conversational triggers unless your agent confirms the scope, keep backup archives private, do not sync or share them casually, and encrypt or restrict access to any backup that includes `.env`, device data, or memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium (93% confidence)
Finding
The trigger phrase "备份" (Chinese for "backup") is extremely generic and likely to appear in normal conversation, which can cause accidental invocation of a privileged backup workflow. In this skill's context, unintended activation is more dangerous because the documented behavior includes collecting and archiving sensitive files such as .env, configuration, memory, devices, and custom skills.

Vague Triggers

Medium (90% confidence)
Finding
The natural-language examples are broad and ambiguous, encouraging the agent to infer intent from ordinary phrases rather than requiring a clear command boundary. Because this skill handles sensitive data and can perform filesystem actions, loose invocation rules increase the risk of unintended backups, privacy exposure, and storage of confidential material in backup locations.

Missing User Warnings

Medium (93% confidence)
Finding
The backup format explicitly includes highly sensitive material such as `.env`, device configuration, authentication-related files, user/workspace memory, and other potentially secret-bearing data, but the backup-output section does not prominently require encryption, strict access controls, or secret minimization. In a backup skill, this is dangerous because operators may reasonably treat the archive as routine data and exfiltrate or store it insecurely, leading to credential disclosure and privacy compromise.

Missing User Warnings

Medium (95% confidence)
Finding
The script explicitly includes ~/.openclaw/.env in backups, which likely contains API keys or other secrets, but it creates an unencrypted tar.gz archive with no interactive warning, encryption, or permission hardening at backup time. If the backup directory is accessible to other local users, synced to cloud storage, or exfiltrated, credential compromise can follow directly.

Credential Access

High (98% confidence)
Category: Privilege Escalation
Content
    targetDir: 'system',
    files: [
      { name: 'openclaw.json', sensitive: false },
      { name: '.env', sensitive: true },
      { name: 'exec-approvals.json', sensitive: false }
    ]
  },
Finding
.env'

VirusTotal

65/65 vendors flagged this skill as clean.