Back to skill

Security audit

OpenClaw Complete Backup & Restore Cycle

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed backup and restore guide, but it includes powerful reinstall commands that users should verify before running.

Install only if you intend to perform a full OpenClaw backup, reinstall, and restore cycle. Before removing OpenClaw, verify that backup archives exist and can be listed or extracted, and avoid running the curl-to-bash installer blindly; download and verify the installer when possible. Restore only OpenClaw config and skills from backups you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents a destructive uninstall followed by reinstallation in a workflow that appears authoritative and 'production ready', but it does not require strong safeguards such as explicit confirmation of backups, package provenance checks, rollback guidance, or warnings about service disruption and data loss. In a backup/restore skill, destructive steps are contextually relevant, but presenting them as a routine sequence without stronger safety controls increases the risk of accidental system damage or unrecoverable loss.

External Script Fetching

High
Category
Supply Chain
Content
sudo apt remove openclaw -y

# 2. Fresh install
curl -sSL https://install.openclaw.ai | bash

# 3. Verify installation
openclaw --version
Confidence
99% confidence
Finding
curl -sSL https://install.openclaw.ai | bash

Chaining Abuse

High
Category
Tool Misuse
Content
sudo apt remove openclaw -y

# 2. Fresh install
curl -sSL https://install.openclaw.ai | bash

# 3. Verify installation
openclaw --version
Confidence
99% confidence
Finding
| bash

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.