ClawHub

OpenClaw Backup Safe

v1.0.1

Backup and restore OpenClaw data. Use when user asks to create backups, set up automatic backup schedules, restore from backup, or manage backup rotation. Ha...

2· 1.5k·22 current·22 all-time
by@alessandropcostabr·fork of @alex3alex/openclaw-backup (1.0.0)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, SKILL.md, restore reference, and scripts all focus on archiving ~/.openclaw (configs, credentials, agents, workspace, telegram session, cron). Nothing in the bundle asks for unrelated cloud credentials, binaries, or system access beyond typical filesystem operations.
Instruction Scope
Instructions are narrowly scoped to creating and rotating local archives and restoring them. They explicitly include sensitive items (credentials/, agents/, workspace/, telegram/). The cron example instructs an agent to run the backup script and "report result to user" — that reporting step is not defined and could leak metadata about backups if the agent transmits output; consider auditing what the agent will send when it "reports."
Install Mechanism
No install spec; this is an instruction-only skill with a simple shell script. Nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required env vars, credentials, or config paths. The included script operates on $HOME/.openclaw and the backup directory only — proportional to the stated purpose.
Persistence & Privilege
always is false and model invocation is allowed by default. The skill suggests scheduling via the OpenClaw cron system, which is consistent with a backup utility; no permanent elevated privileges or modifications to other skills are requested.
Assessment
This package appears to do what it says: create and rotate local archives of ~/.openclaw. Before installing or scheduling it: (1) remember backups include API keys, agent auth, Telegram sessions and other secrets — protect the backup directory (restrict filesystem permissions) and consider encrypting archives or storing them in an encrypted location; (2) inspect the script (you already have it) to confirm it only touches the expected paths; (3) verify what the OpenClaw agent's "report result to user" will transmit (avoid sending archive contents or secrets to external endpoints); (4) test restore procedures in a safe environment before trusting production data; (5) note the package has no homepage and the registry metadata owner differs from the embedded _meta.json ownerId — this lowers provenance confidence, so prefer a well-known source or mirror if available.

Like a lobster shell, security has layers — review code before you run it.

latestvk976nrp8ak8y8tsgdbbn1tbt2181a2fn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments