Cloud Backup [S3 R2 B2 ..]

Security checks across malware telemetry and agentic risk

Overview

This backup skill appears purpose-aligned, but it handles powerful cloud credentials and can run scheduled backups and delete remote backup archives with limited guardrails.

Install only if you are comfortable giving this skill bucket-scoped cloud credentials. Prefer a named profile or short-lived, least-privilege credentials; protect any local config with strict permissions; test backup and restore with --dry-run; and be cautious enabling scheduled cleanup because it can permanently delete remote backups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 84%
Finding
The README instructs users to place highly sensitive cloud credentials and potentially a GPG passphrase into configuration without a prominent warning about secret handling risks, rotation, and access control. In a backup skill, these secrets can grant direct access to stored backups or decryption capability, so weak operator guidance increases the chance of credential leakage and compromise.

Missing User Warnings

Medium
Confidence: 81%
Finding
The documented restore command implies a potentially destructive operation but does not clearly warn that restore may overwrite local configuration or other backed-up data. In the context of a configuration backup tool, users may run restore without understanding the blast radius, leading to accidental data loss, rollback of secure settings, or restoration of tampered content.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs users to provide cloud access keys and secret keys directly to the agent during setup, but does not include a clear warning about the sensitivity of those credentials, their scope, or safer alternatives. This increases the risk of credential exposure through chat logs, agent memory, telemetry, or mishandling by downstream tools, especially because these are long-lived secrets that can grant direct access to backup data.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guide instructs users to place long-lived cloud access keys in `~/.openclaw-cloud-backup.conf` but does not warn that this is a plaintext local secret store that may be readable by other local users, included in backups, or leaked through shell history, support bundles, or misconfigured permissions. In the context of a backup skill, these credentials grant access to backup data and deletion capability, so compromise can expose sensitive backups or enable destructive tampering.

Missing User Warnings

Medium
Confidence: 87%
Finding
The cleanup command performs permanent deletion of remote backups based only on retention settings, with no confirmation prompt, preview, or explicit opt-in at the point of deletion. In a backup/restore skill, accidental destructive actions are especially risky because misconfiguration of PREFIX, BUCKET, or retention values can silently remove recovery data.

VirusTotal

66/66 vendors flagged this skill as clean.
