Trust Assessment
openclaw-backup-optimized received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 9 findings: 3 critical, 1 high, 3 medium, and 2 low severity. Key findings include Arbitrary command execution, Sensitive environment variable access: $HOME, Unpinned npm dependency version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (9)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution: Node.js child_process require. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/cccarv82/openclaw-backup-optimized/scripts/backup.js:6 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/cccarv82/openclaw-backup-optimized/scripts/backup.js:65 |
| CRITICAL | Arbitrary command execution: Node.js synchronous shell execution. Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/cccarv82/openclaw-backup-optimized/scripts/backup.js:188 |
| HIGH | Unvalidated Git Repository URL for Backup: The skill pushes a full backup of the `~/.openclaw` directory to a Git repository specified by the `BACKUP_REPO_URL` environment variable. If an attacker can manipulate this environment variable, they can redirect the sensitive backup data to an arbitrary, potentially malicious, remote repository, leading to data exfiltration. The script does not perform any validation or whitelisting of the provided URL. Implement strict validation or whitelisting for `BACKUP_REPO_URL` to ensure it points to a trusted destination. Ensure that this environment variable is set by a trusted source and cannot be easily manipulated by an attacker. If possible, use a platform-provided secure storage mechanism instead of direct Git pushes to arbitrary URLs. | LLM | scripts/backup.js:17 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/cccarv82/openclaw-backup-optimized/SKILL.md:28 |
| MEDIUM | Unpinned npm dependency version: Dependency 'minimatch' is not pinned to an exact version ('^9.0.5'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/cccarv82/openclaw-backup-optimized/scripts/package.json |
| MEDIUM | Broad Backup Scope Controlled by Environment Variable: The skill performs a full backup of the directory specified by `OPENCLAW_HOME` (defaulting to `~/.openclaw`). While this is the intended function of a backup skill, if an attacker can manipulate the `OPENCLAW_HOME` environment variable, they could potentially cause the skill to back up arbitrary sensitive directories on the system. This broad access, combined with the data exfiltration risk of `BACKUP_REPO_URL`, amplifies the potential impact. Validate `OPENCLAW_HOME` to ensure it points to an expected and safe location, or restrict it to a predefined set of paths. Consider if the `openclaw` platform can enforce stricter sandboxing for skill execution to limit filesystem access. | LLM | scripts/backup.js:15 |
| LOW | Node lockfile missing: package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/cccarv82/openclaw-backup-optimized/scripts/package.json |
| LOW | Unpinned Dependencies in package.json: The `package.json` file uses caret (`^`) ranges for `minimatch` and `tar` dependencies. This allows for automatic updates to minor and patch versions, which could inadvertently introduce vulnerabilities or malicious code if a dependency maintainer's account is compromised or a malicious package is published. While these are common and generally trusted libraries, pinning to exact versions or using a lock file provides stronger supply chain security. Pin all dependencies to exact versions (e.g., `"minimatch": "9.0.5"`) and commit a `package-lock.json` file to ensure deterministic builds and prevent unexpected dependency updates. | LLM | scripts/package.json:5 |