Skill Trust Decision

openclaw-backup

Skill claims to include PowerShell backup scripts that do not exist in the package, creating a doc-to-code mismatch. The skill references backing up 'FluxA Wallet' (crypto wallet) and OpenClaw configs without providing actual implementation files.

Source: Manual upload
Scanned: Apr 5, 2026
Files 3
Artifacts 3
Violations 0
Findings 4
Most direct threat evidence
High Doc Mismatch
Missing implementation scripts

SKILL.md and README.md describe four PowerShell scripts (quick_backup.ps1, full_backup.ps1, restore_backup.ps1, list_backups.ps1) but the scripts/ directory does not exist in the package. Only documentation files are present.

SKILL.md:117

Why this conclusion was reached

1/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Review
Hidden execution and egress

3 lower-risk artifacts were extracted and still need context.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 1 severe finding.

Review
Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

What drove the risk score up

Missing implementation files +25

SKILL.md and README.md describe 4 PowerShell scripts but no scripts/ directory exists

FluxA Wallet access unverified +20

Skill claims to back up 'FluxA Wallet' configuration - a crypto wallet - without explaining how or where this data is stored

No allowed-tools declaration +10

SKILL.md does not declare allowed-tools mapping, making capability inference impossible

External URLs present +5

References to clawhub.com external URLs found in documentation

Schedule persistence mechanism undeclared +5

Documentation mentions 'autoBackupSchedule' cron but implementation not provided

Most important evidence

High Doc Mismatch

Missing implementation scripts

SKILL.md and README.md describe four PowerShell scripts (quick_backup.ps1, full_backup.ps1, restore_backup.ps1, list_backups.ps1) but the scripts/ directory does not exist in the package. Only documentation files are present.

SKILL.md:117
Request developer to include actual implementation scripts before use

Medium Sensitive Access

FluxA Wallet backup without explanation

The skill claims to back up 'FluxA Wallet' configuration. FluxA appears to be a cryptocurrency wallet. The documentation does not explain what data is being backed up, where FluxA stores its data, or how this data is handled.

SKILL.md:25
Clarify what FluxA data is accessed and ensure no private keys or seed phrases are exposed

Medium Doc Mismatch

Auto-backup schedule mechanism undeclared

SKILL.md mentions 'autoBackupSchedule' cron configuration and Windows Task Scheduler integration but no actual implementation of scheduled task creation is provided.

SKILL.md:69
Clarify how scheduled backups are implemented without providing persistence mechanisms

Low Priv Escalation

No allowed-tools declaration

SKILL.md does not include the allowed-tools mapping section that defines what tools the skill can use and at what permission levels.

SKILL.md:1
Add allowed-tools declaration to clearly state filesystem/shell access requirements

Declared capability vs actual capability

Filesystem: Pass
Declared: READ,WRITE
Inferred: UNKNOWN
SKILL.md describes backup/restore but no scripts exist to verify

Shell: Pass
Declared: WRITE
Inferred: UNKNOWN
PowerShell scripts referenced but not present

Network: Pass
Declared: NONE
Inferred: NONE
No network calls described in docs

Credential: Pass
Declared: NONE
Inferred: UNKNOWN
FluxA Wallet backup implies credential/access to crypto wallet data

Suspicious artifacts and egress

Medium External URL
https://clawhub.com/skills/openclaw-backup

README.md:11

Medium External URL
https://clawhub.com/discuss

README.md:294

Info Email
[email protected]

README.md:295

Dependencies and supply chain

There are no structured dependency warnings.

File composition

3 files · 593 lines
Markdown 2 files · 580 lines
JSON 1 file · 13 lines
Files of concern · 2
README.md Markdown · 301 lines
https://clawhub.com/skills/openclaw-backup · https://clawhub.com/discuss · [email protected]
SKILL.md Markdown · 279 lines
Missing implementation scripts · FluxA Wallet backup without explanation · Auto-backup schedule mechanism undeclared · No allowed-tools declaration
Other files · _meta.json

Security positives

No base64-encoded content or obfuscation observed
No credential exfiltration or external IP communications described
No reverse shell or C2 infrastructure references
Documentation is comprehensive and clear about intended behavior
MIT license is included