dev-backup

Security checks across malware telemetry and agentic risk

Overview

This backup skill is locally focused and not malicious, but it needs review because restore and retention can overwrite or delete files without safeguards and one fallback path may back up files the docs say are excluded.

Review before installing. Use it only on projects where local backups are acceptable, set an explicit --project-dir and --output-dir, and avoid restore unless you have inspected the snapshot and are prepared for files in the target project to be overwritten. Do not rely on the checksum as restore-time verification, and be aware that systems without rsync may back up files the docs claim are excluded, including .env.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The restore path presents checksum information as if integrity is being checked, but it only prints the previously stored digest and never recomputes or compares hashes for the snapshot contents before restoring. This can mislead users into trusting a tampered or corrupted backup and results in silent restoration of altered files.

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The skill advertises improved security and checksum support, but the restore flow does not validate integrity at all before copying files back into the project. In backup tooling, this creates a false sense of security and can propagate compromised or corrupted backups into a working tree.

Vague Triggers

Medium
Confidence: 94%
Finding
The README defines broad natural-language trigger phrases such as 'Fai un backup dello sviluppo' and similar variants that can plausibly match ordinary user conversation rather than an explicit command. In an agent-integrated context, this increases the chance of unintended invocation of backup or restore-related behavior, especially because backup/restore actions affect the filesystem and may copy large amounts of project data.

Missing User Warnings

Medium
Confidence: 97%
Finding
The restore instructions show recursive copy operations into the project directory but do not warn that this can overwrite, merge with, or duplicate existing files, potentially corrupting the working tree or reintroducing unsafe state. In a skill meant for automated agent use, omission of this warning makes accidental destructive restores more likely because users may not realize restore is not inherently reversible or isolated.

Missing User Warnings

Medium
Confidence: 96%
Finding
The restore section tells users how to copy or restore snapshot contents but does not clearly warn that this can overwrite existing files in the target project directory. In a backup/restore skill, omission of an overwrite warning materially increases the chance of accidental data loss or rollback to an unintended state, especially when users follow commands verbatim.

Missing User Warnings

Medium
Confidence: 82%
Finding
Restore overwrites files in the target project directory immediately, with no confirmation prompt, dry-run mode, or explicit destructive-action safeguard. If the command is pointed at the wrong directory or an unexpected snapshot, users can lose local changes or replace working files without an opportunity to stop.

Missing User Warnings

Medium
Confidence: 78%
Finding
The retention logic permanently deletes old snapshots automatically once the keep threshold is exceeded, without a confirmation step or recycle/quarantine mechanism. A misconfigured --keep value or unexpected snapshot ordering can therefore cause irreversible data loss.

VirusTotal

VirusTotal findings are pending for this skill version.
