OpenClaw Backup

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who can read the backup archive may gain access to sensitive OpenClaw-connected services or sessions.

Why it was flagged

The skill explicitly backs up API keys, auth profiles, and session data. That is expected for a full OpenClaw backup, but these files can grant account access if the archive is exposed.

Skill content

- `credentials/` — API keys, tokens
- `agents/` — agent configs, auth profiles
- `telegram/` — session data

Recommendation

Store backups only in trusted locations, consider encrypting them, and avoid syncing them to untrusted cloud or shared folders.

What this means

Backups may contain private notes, saved memory, agent instructions, and user files that could influence future agent behavior after restore.

Why it was flagged

The backup includes persistent agent memory, instruction-like files, and user files from the workspace. This is purpose-aligned but sensitive because it preserves private context for later reuse or restore.

Skill content

- `workspace/` — memory, SOUL.md, user files

Recommendation

Review what is in ~/.openclaw/workspace before backing up or restoring, and protect backup archives like other private data.

What this means

A mistaken restore or rollback could delete or replace the user's current OpenClaw configuration, credentials, workspace, and scheduled tasks.

Why it was flagged

The restore rollback instructions include destructive local filesystem commands. They are normal for restore workflows, but running them against the wrong path or backup could remove the current OpenClaw state.

Skill content

rm -rf ~/.openclaw
mv ~/.openclaw-old ~/.openclaw

Recommendation

Run restore commands manually and carefully, verify the backup file first, and keep a separate copy of the current ~/.openclaw directory until the restore is confirmed.

Note

High Confidence

ASI10: Rogue Agents

What this means

If configured, the agent may keep creating backups automatically, including sensitive data, until the cron entry is removed or changed.

Why it was flagged

The skill provides an optional persistent daily cron schedule that will continue running after setup. The scheduled script path also differs from the documented ./scripts/backup.sh command, so users should verify what file will run.

Skill content

"schedule": {"kind": "cron", "expr": "0 3 * * *", "tz": "UTC"} ... "message": "Run ~/.openclaw/backup.sh and report result to user."

Recommendation

Create the schedule only if recurring backups are desired, point it to the reviewed backup script, and remove or update the cron job when no longer needed.