openclaw2backup

Security checks across malware telemetry and agentic risk

Overview

This appears to be a backup and restore skill, but it needs review because it can handle sensitive wallet, memory, configuration, and workspace data while the referenced scripts are not included for inspection.

Install only if you intend to give this skill broad authority over OpenClaw backups and restores. Treat generated ZIP files as sensitive because they may contain wallet configuration, memory content, credentials, repository history, and personal workspace data; store them encrypted or in a protected location. Before restoring, verify the backup source, use DryRun where possible, and obtain/review the referenced scripts from a trusted source because they were not included in the reviewed package.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Intent-Code Divergence

Medium

Confidence: 86% confidence
Finding: The examples and restore parameters explicitly mention backing up and restoring FluxA Wallet data, but the earlier capability description never discloses that wallet-related material is in scope. In a backup skill, undocumented inclusion of wallet or credential-bearing data materially changes the sensitivity of the operation and can cause users to expose or restore highly sensitive secrets without informed consent.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README documents restore behavior and lists backup contents including wallet configuration and memory files, but it does not prominently warn that restoring can overwrite current state or that backup archives may contain highly sensitive data. In a backup/restore skill, unclear safety guidance can lead users to expose secrets or unintentionally destroy current configurations and workspace data.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill describes backup behavior but does not clearly warn that archives may contain sensitive configuration, memory files, skills, and wallet-related data. Users may store these ZIPs in insecure locations or share them for support/migration, unintentionally leaking credentials, tokens, private keys, or other secrets contained in the backup.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The restore and deletion features are operationally destructive but the documentation does not prominently warn that restore can overwrite current data and deletion can permanently remove backups. Even with mentions of .bak and DryRun elsewhere, the lack of a clear up-front warning increases the chance of accidental data loss or unsafe operator actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal