Back to skill

Security audit

Clawdbot Backup

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed backup-and-sync guide for ClawdBot configuration, but users should treat the copied data as sensitive and use the destructive sync examples carefully.

Install only if you want to back up or sync ClawdBot state. Keep archives and git/cloud remotes private, review staged files before git add/git push, run rsync with --dry-run before using --delete, and be aware that restores may overwrite local machine-specific settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The documentation says machine-specific settings should not be overwritten, but the backup script includes settings.local.json in full backups and restore extracts archives into $HOME without excluding it. That contradiction can cause accidental propagation of host-specific configuration, credentials, or paths onto another machine and may break local security assumptions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The Git workflow encourages users to git add . and push their entire ~/.claude directory to a remote repository, but it does not clearly warn that this may include sensitive configuration, MCP server details, tokens, prompts, contexts, or other private data. Users may unintentionally publish or share secrets to external infrastructure, especially if the repo is made public or access controls are weak.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The rsync and cloud-sync sections copy local configuration to remote servers or cloud folders and use overwrite-capable synchronization, including --delete, without a prominent warning about data disclosure or destructive sync behavior. This can expose private configuration to third parties and can also delete or overwrite local or remote files if paths are misconfigured or stale.

Chaining Abuse

High
Category
Tool Misuse
Content
if [ "$count" -gt "$MAX_BACKUPS" ]; then
        local to_delete=$((count - MAX_BACKUPS))
        ls -1t *.tar.gz | tail -n "$to_delete" | xargs rm -v
        log_info "Removed $to_delete old backup(s)"
    else
        log_info "No cleanup needed ($count backups)"
Confidence
74% confidence
Finding
| xargs rm

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.