ClawHub

Elegant Sync

Security checks across malware telemetry and agentic risk

Overview

This is a real backup/sync skill, but it uploads sensitive OpenClaw workspace data to a remote Git repository with weak scoping and credential-safety controls.

Review before installing. Use only a private dedicated repository, create a fine-grained least-privilege token, restrict ~/.openclaw/.backup.env permissions, run --dry-run first, add explicit ignore rules for secrets, inspect skill directories for .env/openclaw.json/credentials files, and understand that sync force-pushes to the configured remote branch.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The tool is presented as a configuration sync utility, but it also stages and pushes the entire skills directory and markdown memory content to a remote Git repository. In this context, those paths can contain sensitive prompts, agent memories, private notes, or embedded secrets, so the mismatch increases the risk of unintended data exfiltration.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to place a GitHub token in a local config file for syncing to a remote repository, but it does not warn about token scope minimization, storage risks, accidental disclosure, or the privacy implications of uploading OpenClaw data. This can lead users to overprivilege tokens or sync sensitive configuration and memory content to a public or compromised repository without understanding the consequences.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The backup token is inserted directly into the remote Git URL used in shell commands. Even though some error text is redacted, embedding credentials in command strings can expose them via process listings, shell history, crash logs, or downstream tooling, making credential theft more likely.

Missing User Warnings

High
Confidence
93% confidence
Finding
The sync flow performs recursive copying, staging deletion, and force-pushes to a remote branch without confirmation or a strong warning. In a backup tool handling agent state, this can overwrite remote history and upload more data than intended, turning user mistakes or malicious local content into destructive or privacy-impacting outcomes.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal