3-Tier Auto-Backup Daily Snapshots, Drive Mirror & Emergency Recovery

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local backup and recovery guide with a local emergency chat page, but users should be careful with destructive restore commands.

Install only if you want a local backup guide and emergency local-Ollama chat file. Review any `daily-backup.ps1` you create before scheduling it, verify backup and restore paths carefully, avoid `robocopy /MIR` until you understand it may delete destination files, and treat backup locations as sensitive copies of your workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The file implements a live interactive chat client that connects to a local Ollama inference service, which is outside the stated backup/export-only purpose of the skill. This capability expands the attack surface by allowing arbitrary user-entered prompts to be transmitted to a local model service and could mislead users about what the skill actually does.

Context-Inappropriate Capability

Medium (96% confidence)
Finding
Adding an interactive local-LLM chat interface is not justified by the described backup and recovery use case, creating unnecessary functionality with security and privacy implications. Even though the endpoint is localhost, the page becomes a bridge to another service and can expose user-entered or recovered sensitive content to that service without a backup-specific need.

Missing User Warnings

Medium (96% confidence)
Finding
The restore instruction uses `robocopy ... /MIR`, which mirrors the source to the destination by deleting files in the destination that are not present in the source. In a backup/restore skill, presenting this as a normal restore step without an explicit warning or safer alternative creates a real risk of irreversible data loss if a user points `{WORKSPACE}` at the wrong path or restores from an incomplete mirror.

VirusTotal

66/66 vendors flagged this skill as clean.