openclaw-backup
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill targets high-value agent data files like
SOUL.mdandMEMORY.mdfor upload tosoul-upload.com. These files typically contain sensitive agent history, persona definitions, and long-term memory, which are sent to a non-whitelisted external domain. - [COMMAND_EXECUTION] (MEDIUM): The README documentation indicates the skill relies on
tarandopensslsystem commands. This implies the underlyingbackup.pyscript likely uses subprocess calls which, if not properly sanitized against malicious filenames or shell characters, could lead to command injection. - [CREDENTIALS_UNSAFE] (MEDIUM): The skill stores generated encryption passwords in a local plaintext file named
.openclaw-backup-recovery.txt. This creates a credential exposure risk for the workspace, as any local process can read the keys required to decrypt the backups.
Recommendations
- AI detected serious security threats
Audit Metadata