OpenClaw Backup
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: openclaw-backup Version: 1.0.0 This skill is designed to backup and restore OpenClaw data, including sensitive credentials and configuration. The `scripts/backup.sh` script archives the `~/.openclaw` directory locally, excluding logs and cache, and implements a 7-day rotation policy. The `SKILL.md` and `references/restore.md` files provide clear instructions for backup, restore, and setting up a daily cron job. There is no evidence of data exfiltration, malicious execution, obfuscation, or prompt injection attempts against the agent beyond legitimate instructions to perform the backup task.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can read the backup archive may gain access to sensitive OpenClaw-connected services or sessions.
The skill explicitly backs up API keys, auth profiles, and session data. That is expected for a full OpenClaw backup, but these files can grant account access if the archive is exposed.
- `credentials/` — API keys, tokens - `agents/` — agent configs, auth profiles - `telegram/` — session data
Store backups only in trusted locations, consider encrypting them, and avoid syncing them to untrusted cloud or shared folders.
Backups may contain private notes, saved memory, agent instructions, and user files that could influence future agent behavior after restore.
The backup includes persistent agent memory, instruction-like files, and user files from the workspace. This is purpose-aligned but sensitive because it preserves private context for later reuse or restore.
- `workspace/` — memory, SOUL.md, user files
Review what is in ~/.openclaw/workspace before backing up or restoring, and protect backup archives like other private data.
A mistaken restore or rollback could delete or replace the user's current OpenClaw configuration, credentials, workspace, and scheduled tasks.
The restore rollback instructions include destructive local filesystem commands. They are normal for restore workflows, but running them against the wrong path or backup could remove the current OpenClaw state.
rm -rf ~/.openclaw mv ~/.openclaw-old ~/.openclaw
Run restore commands manually and carefully, verify the backup file first, and keep a separate copy of the current ~/.openclaw directory until the restore is confirmed.
If configured, the agent may keep creating backups automatically, including sensitive data, until the cron entry is removed or changed.
The skill provides an optional persistent daily cron schedule that will continue running after setup. The scheduled script path also differs from the documented ./scripts/backup.sh command, so users should verify what file will run.
"schedule": {"kind": "cron", "expr": "0 3 * * *", "tz": "UTC"} ... "message": "Run ~/.openclaw/backup.sh and report result to user."Create the schedule only if recurring backups are desired, point it to the reviewed backup script, and remove or update the cron job when no longer needed.