ClawHub

Proton Drive Backup

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Proton Drive backup skill, but it can copy sensitive OpenClaw files into cloud-synced storage and prunes old backup copies automatically.

Install only if you intentionally want these OpenClaw files backed up through Proton Drive. Before running it, review the hardcoded Proton Drive folder, check whether openclaw.json, memory files, agent markdown, LaunchAgent plists, drafts, media, or Docker volumes contain sensitive data, and remember that old backup copies are pruned automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This script copies multiple potentially sensitive local artifacts into a cloud-synced Proton Drive folder, including launch agent definitions, application config, memory files, agent files, and generated content, without any interactive confirmation, explicit warning, or scoping controls. In a backup skill, exfiltration to cloud storage is part of the functionality, but the lack of user-visible disclosure and selective opt-in increases the risk of unintentionally transmitting secrets, internal prompts, credentials, or personal data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The retention logic permanently deletes backups and artifacts with find -delete and rm-based pruning, but the script does not provide a warning, dry-run mode, or safety interlock before destructive cleanup occurs. That creates a real risk of silent data loss, especially if retention windows are misunderstood or if the Proton path is misconfigured but still resolves to a valid directory tree.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
done
    # Keep only last 3 backups per volume
    for vol in langfuse_postgres_data langfuse_clickhouse_data qdrant_data weaviate_data pgvector_data; do
        ls -t "$PROTON/Artifacts/docker-backups/${vol}_"*.tar.gz 2>/dev/null | tail -n +4 | xargs rm -f 2>/dev/null || true
    done
    echo "  ✅ Docker volumes backed up"
else
Confidence
90% confidence
Finding
rm -f 2>/dev/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
# Docker volume backups: keep last 3 per volume type
for pattern in langfuse_postgres langfuse_clickhouse qdrant weaviate pgvector grafana; do
    ls -t "$PROTON/Artifacts/docker-backups/${pattern}"*.tar.gz 2>/dev/null | tail -n +4 | xargs rm -f 2>/dev/null || true
done

echo "  ✅ Truncation complete"
Confidence
90% confidence
Finding
rm -f 2>/dev/

Chaining Abuse

High
Category
Tool Misuse
Content
done
    # Keep only last 3 backups per volume
    for vol in langfuse_postgres_data langfuse_clickhouse_data qdrant_data weaviate_data pgvector_data; do
        ls -t "$PROTON/Artifacts/docker-backups/${vol}_"*.tar.gz 2>/dev/null | tail -n +4 | xargs rm -f 2>/dev/null || true
    done
    echo "  ✅ Docker volumes backed up"
else
Confidence
88% confidence
Finding
| xargs rm

Chaining Abuse

High
Category
Tool Misuse
Content
# Docker volume backups: keep last 3 per volume type
for pattern in langfuse_postgres langfuse_clickhouse qdrant weaviate pgvector grafana; do
    ls -t "$PROTON/Artifacts/docker-backups/${pattern}"*.tar.gz 2>/dev/null | tail -n +4 | xargs rm -f 2>/dev/null || true
done

echo "  ✅ Truncation complete"
Confidence
88% confidence
Finding
| xargs rm

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal