OpenClaw Backup Safe
Security checks across malware telemetry and agentic risk
Overview
The skill appears to do what it says—make and restore local OpenClaw backups—but those backups include credentials, sessions, workspace memory, and optional scheduled execution, so they should be handled carefully.
This skill is coherent and transparent for local OpenClaw backup and restore. Before installing or using it, make sure you are comfortable creating local archives that include API keys, tokens, sessions, memory, user files, and cron tasks. Keep backups private, consider encryption, verify the package identity because of the metadata mismatch, and restore only from archives you trust.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can read the backup archive may be able to access API keys, tokens, or sessions stored by OpenClaw.
The skill explicitly backs up credentials, auth profiles, and session data. This is expected for a full OpenClaw backup, but it means the backup files can grant access to accounts or services if exposed.
- `credentials/` - API keys, tokens
- `agents/` - agent configs, auth profiles
- `telegram/` - session data
Store backups in a private, protected location, restrict file permissions, and consider encryption for backup archives.
Backups may preserve private user files and agent memory, and restoring an old backup can reintroduce outdated or unwanted context.
The backup includes persistent workspace memory and user files. This is purpose-aligned, but restored or copied memory may affect future agent behavior and can contain private context.
- `workspace/` - memory, SOUL.md, user files
Review what is stored in the workspace before sharing or restoring backups, and avoid restoring archives from untrusted sources.
If enabled, OpenClaw will keep creating recurring backups of sensitive data without a fresh manual command each time.
The skill documents an optional cron schedule that runs the backup script regularly. This is disclosed and aligned with automatic backup scheduling, but it creates ongoing background activity.
"schedule": {"kind": "cron", "expr": "0 3 * * *", "tz": "UTC"},
"message": "Run ~/.openclaw/workspace/skills/openclaw-backup/scripts/backup.sh and report result to user."
Enable the cron schedule only if recurring backups are desired, and periodically review or disable the scheduled task if it is no longer needed.
Restoring the wrong archive can change OpenClaw behavior, revert settings, or reintroduce old credentials and scheduled tasks.
Restore instructions stop OpenClaw, move the current data directory, extract a backup, and restart the service. That is expected for restore, but a wrong or untrusted backup could replace credentials, memory, cron tasks, and agent configuration.
openclaw gateway stop
mv ~/.openclaw ~/.openclaw-pre-restore-$(date +%Y%m%d-%H%M%S)
cd ~
tar -xzf ~/openclaw-backups/openclaw-YYYY-MM-DD_HHMM.tar.gz
openclaw gateway start
Restore only backups you created and trust, keep the pre-restore safety copy until verification succeeds, and check OpenClaw status after restoring.
The package identity is slightly ambiguous, so users have less assurance that the reviewed files correspond exactly to the registry entry.
The bundled metadata differs from the supplied registry metadata, which lists slug `openclaw-backup-safe` and version `1.0.1`. This is a provenance consistency issue, although the included script is small and does not show hidden behavior.
"slug": "openclaw-backup", "version": "1.0.0"
Verify the skill source and package identity before relying on it for sensitive credential backups.
