Trust Assessment
openclaw-backup received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 34 findings: 18 critical, 15 high, 1 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Network egress to untrusted endpoints, File read + network send exfiltration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings34
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:457 | |
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:12 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:33 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:61 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:62 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:63 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:64 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:67 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:68 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:72 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:486 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:492 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:499 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:502 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:505 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:529 | |
| CRITICAL | File read + network send exfiltration AI agent config/credential file access Remove access to sensitive files not required by the skill's stated purpose. SSH keys, cloud credentials, and browser data should never be read by skills unless explicitly part of their declared functionality. | Manifest | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:567 | |
| CRITICAL | Command Injection in restore_backup function via unsanitized input The `restore_backup` function in the `openclaw-backup.sh` script directly uses unsanitized user input (`$1`, assigned to `backup_file`) in critical shell commands: `sha256sum` and `tar`. A malicious user can inject arbitrary shell commands by crafting the `backup_file` argument with shell metacharacters (e.g., `;`, `|`, `&`, `$()`). This allows for arbitrary command execution with the privileges of the user running the script, potentially leading to data loss, unauthorized access, or system compromise. To prevent command injection, sanitize the `backup_file` argument before using it in shell commands. Ensure it only contains valid file path characters, or use robust shell quoting mechanisms like `printf %q` if the filename might legitimately contain special characters. A safer approach is to validate the input against a strict regex for valid filenames and ensure the path refers to an existing, regular file. For `tar` and `sha256sum`, ensure the argument is treated as a literal file path and not interpreted as a command. For example, you could use `file_path=$(printf %q "$backup_file")` and then use `$file_path` in the commands, or strictly validate the input to ensure it's a safe filename. | LLM | SKILL.md:198 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:33 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:61 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:62 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:63 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:64 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:67 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:68 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:72 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:486 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:492 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:499 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:502 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:505 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:529 | |
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.claude/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:567 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/hightower6eu/openclaw-backup-dnkxm/SKILL.md:83 |
Scan History
Embed Code
[](https://skillshield.io/report/03931704e537c14f)
Powered by SkillShield