OpenClaw State Backup
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This backup skill is mostly purpose-aligned, but its restore script handles archive extraction unsafely, so a crafted backup archive could write files outside the intended OpenClaw state folders.
Use this only with backup archives you created or fully trust. The backup behavior is coherent, but the restore code should be fixed before handling untrusted archives because a crafted tar file could write outside the intended OpenClaw state paths.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a backup archive is malicious or corrupted, running even a verify/dry-run style workflow could create or overwrite files outside the intended temporary or OpenClaw state locations.
The script extracts every tar member before validating the manifest or archive paths, and later builds destination paths from manifest components without rejecting '..', absolute paths, or symlink-style archive tricks.
```python
with tarfile.open(archive, "r:gz") as tar:
    tar.extractall(tmpdir)
...
remainder = Path(*parts[2:])
if scope == "workspace":
    return workspace / remainder
```

Only restore archives you created and trust. The maintainer should replace extractall with safe extraction that rejects absolute paths, '..' components, links, and unexpected entries before writing anything.
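As an added example (not the skill's own code and not produced by ClawScan), here is a hardened replacement for the `extractall` call and the manifest-path step quoted above: every tar member is vetted before anything is written, and manifest components that are absolute or contain '..' are refused. The restore root and the manifest component layout are assumptions, and the sample archives are constructed inline.

```python
import io
import tarfile
from pathlib import Path, PurePosixPath


def unsafe_members(archive: bytes) -> list:
    """Names of entries that must never be written: non-regular entries (symlinks,
    hardlinks, devices), absolute paths, and paths with a '..' component."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        return [m.name for m in tar.getmembers()
                if not (m.isfile() or m.isdir()) or PurePosixPath(m.name).is_absolute()
                or ".." in PurePosixPath(m.name).parts]


def safe_extract(archive: bytes, dest: Path) -> list:
    """Replacement for tar.extractall(tmpdir): validate the whole archive first."""
    bad = unsafe_members(archive)
    if bad:
        raise ValueError(f"refusing archive, unsafe entries: {bad}")
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        tar.extractall(dest)  # every member was vetted above
        return [m.name for m in tar.getmembers()]


def manifest_path(root, parts: list) -> Path:
    """Hardened form of the Path(*parts[2:]) step: components must stay inside root."""
    rel = PurePosixPath(*parts)
    if rel.is_absolute() or ".." in rel.parts:
        raise ValueError(f"rejected manifest components: {parts}")
    root = Path(root).resolve()
    target = (root / rel).resolve()
    if root not in target.parents:
        raise ValueError(f"manifest path escapes {root}: {parts}")
    return target


def build_archive(entries: dict) -> bytes:
    """Constructed sample tar.gz for testing; a None value becomes a symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            if data is None:
                info.type, info.linkname = tarfile.SYMTYPE, "/etc/passwd"
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed inputs: a clean backup and one carrying traversal plus a symlink.
GOOD = build_archive({"workspace/MEMORY.md": b"# memory\n"})
BAD = build_archive({"workspace/MEMORY.md": b"x", "../../escape.txt": b"oops",
                     "workspace/link": None})
```

Calling `safe_extract(BAD, some_dir)` raises before a single file is written, which is the behaviour the current restore script lacks.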
Backup archives may contain sensitive memories or agent state, and restoring them can change what OpenClaw remembers or how local skills behave later.
The skill intentionally backs up and restores persistent memory, agent state, and local skills, which can contain private context and influence future agent behavior.
- `~/.openclaw/memory/` — vector index / memory DBs
- `~/.openclaw/agents/` — per-agent runtime/session state
- `workspace/MEMORY.md`
- `workspace/skills/` — user-authored skills and local skill state
Store backup archives securely, review the manifest before restoring, and use include/exclude filters when you do not need to capture or restore all memory and skill state.
A backup may preserve configuration or session-related state that could affect which OpenClaw environment or account context is restored.
The backup scope includes local runtime configuration and session metadata. This is expected for a state backup tool, but users should treat the resulting archives as sensitive.
- `~/.openclaw/openclaw.json` — runtime config
- `~/.openclaw/sessions.json` — session metadata
Keep archives private, avoid sharing them, and inspect or filter session/config files if you are migrating to another machine or user.
