Claw Backup

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed backup tool that can copy sensitive OpenClaw data to cloud storage on a schedule, but the behavior fits its stated purpose.

Install only after reviewing setup.js and the generated backup script. Prefer the git clone path, avoid the curl-to-node shortcut, test with local-only mode first, use a dedicated encrypted rclone destination, and confirm the scheduler and retention settings so you know what data is uploaded and what old backup files may be deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
The generated backup script stages far more than just 'memory': it copies root markdown files, scripts, ~/.openclaw config, skills, modules, workspace data, cron jobs, and a CursorApps project tree, then archives and optionally uploads them. In a backup skill this may be intended behavior, but it is still security-relevant because users may not realize the breadth of potentially sensitive data being exfiltrated to cloud storage.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
This setup tool generates a shell script that archives local data, deletes old backups, uploads to a remote rclone destination, and can be scheduled to run automatically, but it provides only limited warnings about the scope and consequences. Because the backed-up content includes configs, skills, workspaces, and project files, insufficient disclosure increases the risk of unintended persistent collection and cloud exposure of sensitive material.

External Script Fetching

Severity: Low
Category: Supply Chain
Content:
3. **Quick install (not recommended):** Only use if you have already inspected the script. Do **not** run without review:
   ```bash
   curl -fsSL https://raw.githubusercontent.com/vidarbrekke/ClawBackup/main/setup.js | node
   ```
4. Follow the prompts (or use `node setup.js --defaults` for default paths). Then run the printed test command and install the scheduler as shown.
Confidence: 93%
Finding:
curl -fsSL https://raw.githubusercontent.com/vidarbrekke/ClawBackup/main/setup.js | node

Chaining Abuse

Severity: High
Category: Tool Misuse
Content:
3. **Quick install (not recommended):** Only use if you have already inspected the script. Do **not** run without review:
   ```bash
   curl -fsSL https://raw.githubusercontent.com/vidarbrekke/ClawBackup/main/setup.js | node
   ```
4. Follow the prompts (or use `node setup.js --defaults` for default paths). Then run the printed test command and install the scheduler as shown.
Confidence: 94%
Finding:
| node

VirusTotal

62/62 vendors flagged this skill as clean.
