Backup To Telnyx Storage

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Telnyx cloud backup skill, but it should be treated as sensitive because it uploads and restores OpenClaw workspace data.

Install this only if you intentionally want OpenClaw workspace files backed up to Telnyx Storage. Use a private bucket and least-privileged Telnyx credentials, review the backed-up files for secrets, choose MAX_BACKUPS carefully because old backups may be deleted, enable cron only if recurring uploads are desired, and restore only from backups you trust.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (7)

Tp4

High

Category: MCP Tool Poisoning
Confidence: 80% confidence
Finding: The documentation claims 'no external dependencies' and frames the workflow as simple, but the skill actually depends on the Telnyx CLI and optionally boto3, and reportedly performs bucket creation and retention-based deletion. This mismatch can cause users to authorize or run the skill without understanding that it can modify remote storage state and delete backups, increasing the chance of accidental data loss or unsafe deployment.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: Restore operations write files into a workspace and may overwrite existing data, but the instructions omit any warning, confirmation step, or safety guidance. In the context of backing up/restoring agent state, this is dangerous because it can destroy or corrupt current workspace files, memories, scripts, or configuration with a single command.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script archives core workspace files and uploads them to Telnyx Storage without any confirmation prompt, explicit disclosure of remote transmission, or safeguards around sensitive contents. In this skill context, the workspace appears to contain identity, memory, guardrails, integrations, and scripts, which may include secrets or highly sensitive operational data, so silent off-host transfer meaningfully increases confidentiality risk.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script automatically prunes older remote backups based on MAX_BACKUPS with no explicit warning, dry-run mode, or retention confirmation, which can lead to irreversible deletion of recovery data. In a backup skill, silent destructive behavior is especially risky because users may assume backups are append-only and rely on retained history for restoration after corruption or compromise.

Credential Access

High

Category: Privilege Escalation
Content: if key: return key # 2. Check .env files in workspace for env_path in [WORKSPACE / ".env", WORKSPACE / ".env.telnyx", Path(__file__).parent / ".env"]: if env_path.exists():
Confidence: 87% confidence
Finding: .env

Credential Access

High

Category: Privilege Escalation
Content: return key # 2. Check .env files in workspace for env_path in [WORKSPACE / ".env", WORKSPACE / ".env.telnyx", Path(__file__).parent / ".env"]: if env_path.exists(): for line in env_path.read_text().splitlines():
Confidence: 87% confidence
Finding: .env"

Credential Access

High

Category: Privilege Escalation
Content: # 2. Check .env files in workspace for env_path in [WORKSPACE / ".env", WORKSPACE / ".env.telnyx", Path(__file__).parent / ".env"]: if env_path.exists(): for line in env_path.read_text().splitlines(): line = line.strip()
Confidence: 87% confidence
Finding: .env"

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal