Openclaw Complete Backup Delete Fresh Install Restore Cycle

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenClaw backup and restore runbook, but it gives users high-impact destructive and privileged commands without enough safeguards.

Install only if you intentionally need an OpenClaw disaster-recovery runbook and are comfortable reviewing shell commands before running them. Before any delete, reinstall, restore, or cleanup step, verify the backup exists and restores correctly, protect credential backups with strict permissions or encryption, avoid curl-to-shell unless you independently trust and verify the source, and prefer moving old state aside over permanent deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding
The skill includes software installation and, critically, a fallback that executes a remote installer with `curl ... | sh`. In a backup/restore skill, this expands scope from data recovery into remote code execution, creating supply-chain and command-execution risk if the endpoint or network path is compromised.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding
These instructions modify global binaries and `/usr/local/bin` symlinks, potentially overriding trusted commands system-wide. In a backup/restore workflow, altering PATH-resolved executables increases the chance of persistence, misexecution, or accidental replacement with the wrong binary.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The skill directs users to back up credentials and API keys without prominent handling guidance for sensitive secrets. That increases risk of secret exposure through permissive backup locations, copied manifests, or later mishandling of backup archives.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The skill includes uninstall and deletion steps that can permanently remove binaries and state without a strong, in-line irreversibility warning or confirmation gate. In a recovery context this is especially dangerous because users may follow the sequence mechanically and destroy the only working installation or recovery path.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
Piping a remote script directly from `curl` into `sh` executes unaudited code from the network with no integrity verification. This is a classic remote code execution and supply-chain risk, made worse here because the workflow expects root/sudo-capable operators.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The restore path includes `rm -rf ~/.openclaw` immediately before rebuilding state, which can irreversibly delete user data if the backup path is wrong, incomplete, or maliciously influenced. The absence of a warning or preflight validation at the point of deletion materially raises the chance of destructive loss.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The cleanup step permanently deletes older backups with `xargs rm -f` and modifies retention defaults without emphasizing loss of recovery points. In backup workflows, silent reduction of retained restore points directly weakens resilience and can turn a recoverable incident into permanent loss.

VirusTotal

66/66 vendors flagged this skill as clean.