Security Audit

openclaw-backup

github.com/openclaw/skills

AI SkillCommit 9c1b8e80763e

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

openclaw-backup received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection in mkdir via unsanitized user input, Command Injection in tar command via unsanitized user input.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.

Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

93%

Dependency Graph

100%

LLM Behavioral Safety

Behavioral Risk Signals

Filesystem Write

1 finding

Shell Execution

5 findings

Dynamic Code

4 findings

Excessive Permissions

1 finding

Security Findings5

Severity	Finding	Layer	Location
CRITICAL	Command Injection in tar command via unsanitized user input The `tar -czf "$BACKUP_FILE"` command constructs the output filename using user-controlled input (`$BACKUP_DIR`). If `$BACKUP_DIR` contains shell metacharacters (e.g., `$(command)` or backticks), these will be executed by the shell before `tar` is invoked, leading to arbitrary command execution. For example, `BACKUP_DIR="$(rm -rf /)"` would execute `rm -rf /`. Sanitize or validate the `$BACKUP_DIR` variable to ensure it does not contain shell metacharacters. A robust solution involves validating the path against a safe pattern (e.g., alphanumeric, slashes, dots, no leading hyphens, no `..`), or using `realpath` to canonicalize and then checking if it's within an allowed directory.	LLM	scripts/backup.sh:10
CRITICAL	Command Injection in ls command (rotation) via unsanitized user input The `ls -t "$BACKUP_DIR"/openclaw-*.tar.gz` command uses user-controlled input (`$BACKUP_DIR`) directly. If `$BACKUP_DIR` contains shell metacharacters (e.g., `$(command)` or backticks), these will be executed by the shell before `ls` is invoked, leading to arbitrary command execution. For example, `BACKUP_DIR="$(rm -rf /)"` would execute `rm -rf /`. Sanitize or validate the `$BACKUP_DIR` variable to ensure it does not contain shell metacharacters. A robust solution involves validating the path against a safe pattern (e.g., alphanumeric, slashes, dots, no leading hyphens, no `..`), or using `realpath` to canonicalize and then checking if it's within an allowed directory.	LLM	scripts/backup.sh:16
CRITICAL	Command Injection in ls command (count) via unsanitized user input The `ls "$BACKUP_DIR"/openclaw-*.tar.gz` command uses user-controlled input (`$BACKUP_DIR`) directly. If `$BACKUP_DIR` contains shell metacharacters (e.g., `$(command)` or backticks), these will be executed by the shell before `ls` is invoked, leading to arbitrary command execution. For example, `BACKUP_DIR="$(rm -rf /)"` would execute `rm -rf /`. Sanitize or validate the `$BACKUP_DIR` variable to ensure it does not contain shell metacharacters. A robust solution involves validating the path against a safe pattern (e.g., alphanumeric, slashes, dots, no leading hyphens, no `..`), or using `realpath` to canonicalize and then checking if it's within an allowed directory.	LLM	scripts/backup.sh:19
HIGH	Command Injection in mkdir via unsanitized user input The `mkdir -p "$BACKUP_DIR"` command uses user-controlled input (`$BACKUP_DIR`) directly. If `$BACKUP_DIR` starts with a hyphen (e.g., `-m 777`), `mkdir` might interpret it as an option, potentially leading to unexpected directory creation or option interpretation. While less severe than direct shell execution, it's a vulnerability that can be exploited. Use `mkdir -p -- "$BACKUP_DIR"` to prevent `mkdir` from interpreting user input as options. Additionally, validate `$BACKUP_DIR` to ensure it's a safe path (e.g., no leading hyphens, no shell metacharacters).	LLM	scripts/backup.sh:7
MEDIUM	Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.	Static	skills/alex3alex/openclaw-backup/scripts/backup.sh:5

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/021e81b77c602651.svg)](https://skillshield.io/report/021e81b77c602651)