Trust Assessment
openclaw-self-backup received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Sensitive environment variable access: $HOME, Command Injection via 'eval' in backup.sh.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via 'eval' in backup.sh The `scripts/backup.sh` script uses `eval` to expand file patterns provided in the `include` array of `config/backup.json`. An attacker or compromised agent could modify `config/backup.json` to inject arbitrary shell commands into the `include` array (e.g., `'; rm -rf /;'`), leading to remote code execution when the backup script is run. Avoid using `eval` with untrusted or user-controlled input. Instead of `eval "ls -d ..."`, use safer methods like `find` with appropriate quoting and argument handling, or a dedicated globbing library if available, ensuring that patterns are strictly validated and sanitized before use. | LLM | scripts/backup.sh:100 | |
| CRITICAL | Command Injection via 'eval' in restore.sh The `scripts/restore.sh` script uses `eval` to process the `--filter` argument. An attacker or compromised agent could provide a malicious string to the `--filter` argument (e.g., `--filter "'; rm -rf /;'"`), allowing arbitrary shell commands to be executed on the system during a restore operation. Avoid using `eval` with untrusted or user-controlled input. Instead of `eval "find . -path ..."`, use `find` directly with proper quoting and argument handling for the filter pattern, or implement strict validation and sanitization of the `$FILE_FILTER` variable. | LLM | scripts/restore.sh:140 | |
| HIGH | Insecure Storage of Cloud Credentials in Configuration File The `SKILL.md` documentation and example `config/backup.json` suggest storing sensitive Cloudflare R2 `accessKeyId` and `secretAccessKey` directly in the `config/backup.json` file. This file is then subject to backup by the skill itself, potentially exposing these credentials in plaintext within backups or if the configuration file is compromised. While an `exclude` list is provided, it relies on user vigilance and is not a secure default for credential management. Implement a more secure method for handling cloud credentials. This could include using environment variables, a dedicated secrets manager, or leveraging the AWS CLI's credential file (`~/.aws/credentials`) which is designed for secure storage. Update the documentation to reflect these secure practices and remove plaintext credential examples from configuration files. | LLM | SKILL.md:200 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/webdevtodayjason/openclaw-self-backup/SKILL.md:1 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/webdevtodayjason/openclaw-self-backup/scripts/backup.sh:10 |
Scan History
Embed Code
[](https://skillshield.io/report/66df30c3b1fb5871)
Powered by SkillShield