myclaw-backup

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill’s examples and workflows require passing a gateway/token value directly on the command line and in URLs (e.g., --token MYTOKEN and ?token=MYTOKEN), which forces any agent reproducing those commands or migration steps to include secret values verbatim in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill exposes the agent to untrusted third‑party content because its HTTP API (scripts/server.js / serve.sh) accepts remote uploads (POST /upload) of arbitrary .tar.gz backups which the restore workflow writes into ~/.openclaw and SKILL.md explicitly instructs the Agent to read workspace/.restore-complete.json and workspace/USER.md after restore to generate/send a recovery report (i.e., restored, user-supplied content is read and used to drive agent behavior), so uploaded content can materially influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill instructs the agent to modify system state (notably a script that "modifies your system crontab"), overwrite configuration/credentials during restore, and run services that can persist or expose sensitive data, which are privileged/state-changing operations and thus flagged.