Workspace Git Backup
v1.0.0Set up automatic scheduled backups to GitHub or GitLab. Use when users want to backup their OpenClaw workspace or other directories. Supports GitHub CLI for...
⭐ 1· 239·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the actual behavior: scripts configure a Git-backed scheduled backup, optionally use gh for repo creation, and install cron/launchd entries. Minor mismatch: the skill declares no required binaries, but the scripts call git (required), optionally gh (for repo creation), python3 (for json pretty-printing), sed, crontab, and launchctl. Those binaries are reasonable for the stated purpose but should have been declared.
Instruction Scope
SKILL.md instructs the agent to ask for a backup path, create a config under ~/.openclaw/workspace, copy included scripts into ~/.openclaw/scripts, and install scheduled tasks. The runtime steps and file paths are limited to the user's home (~/.openclaw, ~/Library/LaunchAgents, crontab) and to interacting with git remotes; the instructions do not attempt to read unrelated system files or external data.
Install Mechanism
No remote downloads or package installs — the skill is instruction-only but ships script files which the instructions copy into the user's home directory. This is lower risk than fetching code from arbitrary URLs, but it does write and execute bundled scripts on disk and install persistent tasks.
Credentials
The skill declares no environment variables or credentials. That is consistent: git pushes will use the user's existing Git authentication (credential helper, SSH key, or gh login). There is no evidence the skill requests unrelated credentials or attempts to exfiltrate secrets beyond pushing whatever is in the configured backup path to the chosen remote repo.
Persistence & Privilege
The skill installs persistent scheduled tasks (cron on Linux, launchd plist on macOS) and creates files under ~/.openclaw and ~/Library/LaunchAgents. It does not request always:true or modify other skills' configs, but users should note the persistent nature: scheduled runs will continue until the user uninstalls the task.
Assessment
This package appears to do what it claims, but review and consider these before installing:
- Inspect the included scripts (they are bundled) before copying/executing them. The scripts will add/commit and push any changes in the configured backup path to the configured remote — do not include directories containing secrets or credentials unless you intentionally want them backed up to that repo.
- Ensure git is installed and that your authentication (SSH key or credential helper, or gh login) is configured; the skill does not declare these binaries but uses them. If you use gh for repo creation, be logged in and understand which account the repo will be created under.
- The skill will create cron entries or a launchd plist and write files to ~/.openclaw and ~/Library/LaunchAgents; confirm you are comfortable with persistent scheduled tasks. Use manage.sh uninstall to remove the scheduled task (scripts and config are left in place by design).
- Prefer a private repository or a repository with proper access controls. If you need stronger isolation, create a dedicated repository or use a deploy key/account with limited access.
- If you want higher assurance, run the backup script manually first and monitor its behavior (what files it commits/pushes), and validate logs at ~/.openclaw/logs/github-backup.log.Like a lobster shell, security has layers — review code before you run it.
latestvk972yfjf5wc7vf7pc4jg5qv8ah82dcwt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.