OpenClaw Backup R2

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a real backup-and-restore skill, but it needs Review because it handles credentials, cloud uploads, scheduled execution, and live OpenClaw replacement with insufficient scoping and confirmation.

Install only if you deliberately want a full OpenClaw backup system that can upload credentials and agent state to your own Cloudflare R2 bucket. Before running it, verify the R2 destination, protect `.env` and `.restic-pass`, test restore non-destructively first, and do not run the real restore unless you are ready for it to replace the active `.openclaw` directory.

SkillSpector (3)

By NVIDIA

Missing User Warnings

Medium

Confidence: 84% confidence
Finding: The README instructs users to run a restore process that installs data into %USERPROFILE%\.openclaw and notes that the current directory is preserved as a timestamped backup, but it does not clearly warn that the live installation will be replaced and that any newer local changes may be lost or rolled back. In a backup/restore skill handling credentials, agents, and configuration, this omission can lead to accidental destructive operations, confusion during recovery, and exposure of sensitive restored state if users assume the action is non-invasive.

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The trigger list contains generic phrases like 'automatic backup', 'disaster recovery', and 'moving to a new machine' that can match broad user intents unrelated to this specific backup skill. In an agent ecosystem, overly broad activation can cause the skill to be selected inappropriately, increasing the chance of exposing sensitive backup/restore workflows or prompting users toward operations involving credentials and off-site storage without clear intent.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The manifest explicitly advertises backing up sensitive material including credentials to a third-party cloud service, but provides no explicit warning about privacy, key management, retention, or the consequences of uploading secrets off-device. Even with encryption claims, users may not understand that misconfiguration, weak password handling, or accidental repository sharing could expose highly sensitive OpenClaw data.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal