OpenClaw Checkpoint - Personal AI Assistant Backup & Recovery (Github)

Review

Audited by ClawScan on May 10, 2026.

Overview

This looks like a real backup-and-restore skill, but it needs review because it backs up private AI memory to GitHub, relies on external install scripts, and its docs understate what files and persistence it touches.

Before installing, review the GitHub installer/scripts, use a private repository, verify what files will be committed and excluded, understand all paths the skill can touch, and enable scheduled backups only if you want recurring background pushes.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user may believe only the workspace directory is touched, while the skill can also create persistent scheduling configuration outside that directory.

Why it was flagged

The same security section discloses scheduler changes outside the workspace while also claiming no access outside the workspace, which materially understates the operating boundary.

Skill content

macOS: Creates a launchd plist at `~/Library/LaunchAgents/com.openclaw.checkpoint.plist` ... Linux: Adds a user-level cron job ... File access scope: The skill only reads and writes within `~/.openclaw/workspace`. It does not access files outside this directory.

Recommendation

Update the documentation to list every read/write path, scheduler change, and restore/delete effect explicitly, and require clear user confirmation for operations outside the workspace.

What this means

Installing this way requires trusting the current contents of the GitHub repository at install time.

Why it was flagged

The quick install fetches a mutable remote shell script and executes it; the executable scripts are not included in the reviewed package.

Skill content

curl -fsSL https://raw.githubusercontent.com/AnthonyFrancis/openclaw-checkpoint/main/scripts/install-openclaw-checkpoint.sh | bash

Recommendation

Review the remote installer before running it, prefer a pinned release or commit, and consider including the scripts in the packaged skill for review.

What this means

Private memories and agent context could be exposed if the repository is public, shared, or compromised, and restored memories may influence future assistant behavior.

Why it was flagged

The skill intentionally stores persistent assistant memory and identity data in a remote git repository.

Skill content

Automatically sync your OpenClaw agent's identity, memory, and configuration to GitHub. ... Your backup contains personal data: Agent identity and personality; Conversation history and memories; Personal notes and configurations

Recommendation

Use only a private repository, review exactly what will be committed, verify secret exclusions, and protect the GitHub account and keys used for backup.

Note - High Confidence

ASI10: Rogue Agents

What this means

After scheduling, backups may continue running in the background and push updated assistant state to GitHub.

Why it was flagged

The skill can create recurring background backup behavior, but the documentation says it is opt-in and user-level.

Skill content

checkpoint-schedule sets up cron (Linux) or launchd (macOS) for auto-backups ... Auto-backup is opt-in only -- it is never enabled unless you explicitly run `checkpoint-schedule`.

Recommendation

Run scheduling only if you want recurring backups, and verify or disable it with checkpoint-status, checkpoint-stop, crontab -l, or the documented launchd plist.

What this means

A broad token or SSH key could allow more repository access than needed if mishandled.

Why it was flagged

GitHub authentication is expected for this backup integration, but it grants repository access that should be scoped carefully.

Skill content

Requirements ... SSH key or GitHub Personal Access Token ... A private GitHub repository for storing backups

Recommendation

Prefer SSH or a narrowly scoped token, use a private repository, and avoid sharing credentials with unrelated tools.

What this means

Running the command without understanding it could delete local backed-up agent files.

Why it was flagged

The static scan found a destructive delete command in documentation; no supplied artifact shows it is automatic, but it can remove an agents backup directory if run.

Skill content

rm -rf ~/.openclaw/workspace/agents

Recommendation

Only run reset or cleanup commands after reviewing what they delete and after confirming you have a current backup.