webdav-backup
PassAudited by ClawScan on May 1, 2026.
Overview
The artifacts describe a coherent backup/restore skill, but users should remember it can archive private OpenClaw workspace/configuration data, upload it to WebDAV, and run on a schedule if configured.
Before using this skill, decide whether you want local-only or WebDAV backup, confirm the backup destination is trusted, protect or use app-specific WebDAV credentials, and assume the archive may contain sensitive OpenClaw data. For restores, start in a separate directory and avoid --force until you have checked the manifest and target paths.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your WebDAV backup account credentials when you run remote backups.
The script consumes a WebDAV password from environment variables or OpenClaw configuration to authenticate remote backup operations.
WEBDAV_PASS = os.environ.get('WEBDAV_PASSWORD', openclaw_env.get('WEBDAV_PASSWORD', ''))Use a provider-specific app password where possible, protect the OpenClaw config file permissions, and avoid storing a main account password.
Local or WebDAV backups may contain sensitive conversations, files, skill data, and configuration details.
The default backup includes OpenClaw memory, skills, documents, media, and related configuration, which may contain private context or secrets.
`~/.openclaw/workspace/` - 主工作区(包含 memory、skills、文档、媒体等)
Assume backup archives contain private data; use a trusted WebDAV destination, consider encryption, and use --source or exclude patterns when you only need a smaller subset.
If you enable the cron example, backups and possible WebDAV uploads will continue automatically on the schedule.
The documentation shows how to create a cron job that periodically runs the backup script.
cron add --schedule "0 3 * * *" --command "python3 ~/.openclaw/workspace/skills/webdav-backup/scripts/backup.py"
Only add a schedule when you want ongoing backups, and keep track of how to list, edit, or remove the cron job later.
A restore operation can change local files, especially if --force is used.
Restore writes files from a tar archive into a target directory and can overwrite existing files when force is enabled, although the default behavior skips existing targets.
if target.exists() and not force: ... continue ... tar.extract(member, path=restore_path, filter='data')
Restore to a separate test directory first, inspect the backup manifest, and use --force only after confirming the target path and overwrite intent.