Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MyOpenClaw Backup Restore

v3.0.2

Cross-platform backup and restore for OpenClaw. Works on Windows, macOS, and Linux — backups created on any OS can be restored on any other OS. Use when user...

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for beyound87/myopenclaw-backup-restore.

Install the skill "MyOpenClaw Backup Restore" (beyound87/myopenclaw-backup-restore) from ClawHub.
Skill page: https://clawhub.ai/beyound87/myopenclaw-backup-restore
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install beyound87/myopenclaw-backup-restore

ClawHub CLI

npx clawhub@latest install myopenclaw-backup-restore

Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name/description and the code align: the scripts read and write ~/.openclaw and create/restore archives. However the registry metadata omits some expected capabilities: the SKILL.md and code call external commands (openclaw --version, tar/powershell compress/expand) but the registry only declares 'node' as a required binary. The _meta.json ownerId/version don't match the registry metadata, which is an integrity inconsistency.
Instruction Scope
The SKILL.md and scripts perform precisely the backup/restore operations advertised (copying many OpenClaw config directories, creating pre-restore snapshots, hardening permissions, and providing an HTTP management server). These operations necessarily touch sensitive files (gateway tokens, API keys, credentials). The instructions and code do not instruct the agent to read unrelated host files beyond ~/.openclaw, which is appropriate for the stated purpose.
Install Mechanism
No install spec is provided (instruction-only install), and the code is included in the package. That reduces risk from remote installs. The code is plain Node.js scripts with no external download/install steps.
Credentials
The skill handles very sensitive secrets (bot tokens, API keys) by design but requests no environment variables. SKILL.md claims explicit read/write permission to ~/.openclaw and network:listen, but the registry metadata listed no required config paths or permissions — a mismatch. The HTTP server requires a token at startup (good), but the UI embeds the token in URLs (download links include ?token=...), which risks token leakage via logs/referrers if used remotely.
Persistence & Privilege
The skill is not force-included (always:false) and is user-invocable. It does not request persistent elevated privileges beyond reading/writing the OpenClaw data directory and optionally listening on localhost. Autonomous invocation is allowed (platform default) but that is not combined with 'always' or broad unrelated credential access.
What to consider before installing
This package appears to implement the advertised backup/restore functionality, including a local HTTP UI and upload/download endpoints. However:

  • Metadata mismatches: the package's _meta.json owner/version differ from the registry metadata and SKILL.md declares read/write ~/.openclaw and network listen while the registry shows no config paths — ask the publisher to explain these inconsistencies and confirm the canonical source.
  • External commands: the scripts call 'openclaw --version' and rely on tar or PowerShell Compress/Expand; ensure your system has these tools and that you trust the openclaw binary in PATH before running.
  • Sensitive data: backups include bot tokens/API keys/credentials. Only run this on machines you control, and never upload backups to public repos. The HTTP server requires a token, but tokens appear in generated download URLs and the UI HTML — avoid exposing the UI to untrusted networks and prefer localhost-only access.
  • Exec usage: the server and backup scripts use execSync to run shell commands. That is expected for archive operations but increases risk if you run the server with attacker-controlled BACKUP_DIR or if you expose the server to untrusted clients.

Recommendations before installing/running:

  1) Verify the author's identity and canonical source (homepage or repo). Resolve owner/version mismatches.
  2) Inspect the full scripts locally (you already have them) and run in a sandbox or VM first.
  3) Start the HTTP server only with a strong token and bind it to localhost; avoid exposing it publicly or behind untrusted proxies.
  4) Back up current ~/.openclaw separately before running any restore. Use --dry-run first.

If you want, I can point out any specific lines of code that implement the restore, restart, or server behaviors, or scan for risky shell invocations in the truncated parts of the scripts.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: node
latest vk97da7zdw90dyc9at5kg1aspc982e5r1
380 downloads
0 stars
3 versions
Updated 1h ago
v3.0.2
MIT-0

MyOpenClaw Backup Restore — Cross-Platform

Part of the MyClaw.ai open skills ecosystem. Full documentation (Chinese): see README.md

Quick Start

# Backup
node scripts/backup-restore.js backup

# List backups
node scripts/backup-restore.js list

# Restore (always dry-run first!)
node scripts/backup-restore.js restore <archive> --dry-run
node scripts/backup-restore.js restore <archive>

No setup, no dependencies beyond Node.js.

What Gets Backed Up

Workspace (MEMORY.md, SOUL.md, etc.) • All workspace-* dirs (multi-agent teams) • Gateway config (tokens, API keys, channels) • Skills • Extensions • Credentials & channel pairing state • Agent config & session history • Devices • Identity • Cron jobs • Guardian scripts • ClawHub registry • Delivery queue • Memory index

Excluded: logs, node_modules, .git, media files, browser data, .lock/.deleted.* files.

See references/what-gets-saved.md for full details.

Cross-Platform

Backups use tar.gz (native on Win10+/macOS/Linux). Auto-fallback to ZIP on older Windows. Archives from any OS restore on any OS.

Commands

backup

node scripts/backup-restore.js backup [--output-dir <dir>]

Creates openclaw-backup_{agent}_{timestamp}.tar.gz in ~/openclaw-backups/. Auto-prunes (keeps last 7). On non-Windows: chmod 600 applied.

restore

node scripts/backup-restore.js restore <archive> [--dry-run] [--overwrite-gateway-token]

Safety features:

  • --dry-run: Preview without changes
  • Pre-restore snapshot: Auto-saves current state before overwriting
  • Gateway token preservation: Keeps new server's token (prevents Control UI mismatch)
  • Interactive confirmation: Must type yes
  • Credential hardening: chmod 700/600 on non-Windows
  • Auto-restart: Starts gateway after restore
  • Legacy compatibility: Handles v1 (bash) and v2 archive structures

list

node scripts/backup-restore.js list [--backup-dir <dir>]

HTTP Server

node scripts/server.js --token <secret> [--port 7373] [--backup-dir <dir>]

  • Web UI at http://localhost:<port>/?token=<token>
  • Remote: list, download, upload only
  • Localhost: backup, restore (shell execution restricted to localhost)
  • Token is mandatory — server won't start without one
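
An added example, not code from this skill: one way a Node.js server could enforce the access rules listed above (mandatory token, remote list/download/upload, localhost-only backup/restore) while reading the token from an Authorization header instead of the URL, which addresses the scan's note about ?token= values leaking through logs and referrers. The request shape, function names and sample token are hypothetical.

```javascript
// Added example (not the skill's code). Names and request shape are hypothetical.
const { createHash, timingSafeEqual } = require('node:crypto');

// Per the README: remote clients get list/download/upload only;
// backup and restore run shell commands and stay localhost-only.
const REMOTE_OK = new Set(['list', 'download', 'upload']);
const LOCAL_ONLY = new Set(['backup', 'restore']);
const LOOPBACK = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);

// Hash both sides so timingSafeEqual always sees equal-length buffers.
function tokenMatches(presented, expected) {
  const digest = (s) => createHash('sha256').update(String(s)).digest();
  return timingSafeEqual(digest(presented), digest(expected));
}

// Accept the token only as "Authorization: Bearer <token>".
function bearerToken(headers) {
  const m = /^Bearer\s+(\S+)$/i.exec(headers.authorization || '');
  return m ? m[1] : null;
}

// req = { operation, url, headers, remoteAddress }; remoteAddress must come
// from the socket, never from X-Forwarded-For, which a client can set.
function authorize(req, expectedToken) {
  if (!expectedToken) throw new Error('server token is mandatory');
  const url = new URL(req.url, 'http://localhost');
  if (url.searchParams.has('token')) {
    return { ok: false, status: 400, reason: 'token must not be sent in the URL' };
  }
  const token = bearerToken(req.headers);
  if (!token || !tokenMatches(token, expectedToken)) {
    return { ok: false, status: 401, reason: 'missing or invalid token' };
  }
  if (LOCAL_ONLY.has(req.operation)) {
    return LOOPBACK.has(req.remoteAddress)
      ? { ok: true, status: 200 }
      : { ok: false, status: 403, reason: 'operation is localhost-only' };
  }
  return REMOTE_OK.has(req.operation)
    ? { ok: true, status: 200 }
    : { ok: false, status: 404, reason: 'unknown operation' };
}

// Scrub token values from any URL before it reaches an access log.
function redactUrl(rawUrl) {
  return rawUrl.replace(/([?&]token=)[^&#\s]*/gi, '$1[REDACTED]');
}
```
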

Security

Archives contain bot tokens, API keys, and credentials. Store securely. Never commit to public repos. Transfer via encrypted channels.
