Backup Restore

Security checks across malware telemetry and agentic risk

Overview

This backup skill is not malware, but it overstates recovery capability and its restore command can claim success without restoring data.

Review carefully before installing. Do not rely on this skill for disaster recovery unless the restore logic is implemented and tested, the backup path is changed to your actual OpenClaw directory, and generated backup archives are protected because they may contain private workspace and configuration data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Intent-Code Divergence

Medium

Confidence: 92% confidence
Finding: The restore function claims to restore backups but only checks whether the file exists and then prints success without extracting or validating any contents. In a backup/restore skill, this can create dangerous false assurance: operators may believe a recovery succeeded during an incident and delay proper remediation, resulting in prolonged outage or permanent data loss.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation presents restore and scheduled backup operations without clearly warning that restore can overwrite current files and that scheduled jobs modify system state automatically. In an agent skill context that touches configuration, workspace data, skills, and multiple agent directories, insufficient safety warnings can lead to accidental destructive use, data loss, or restoration of untrusted state.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal