ClawHub

OpenClaw Backup Rclone

v1.0.0

自动备份 OpenClaw 整体配置到远程存储(支持任意 rclone 后端:COS、S3、FTP、SFTP、WebDAV等)。 触发场景: - 创建/配置自动备份任务 - 设置备份周期、保留份数、目标目录 - 手动触发备份 - 查看/恢复备份 - OpenClaw 运行异常时的提醒

0· 109·0 current·0 all-time
byDorad@doradx·duplicate of @doradx/clw-openclaw-backup
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise (backup OpenClaw config to arbitrary rclone backends) aligns with included script and SKILL.md. The script operates on /root/.openclaw and uses rclone for upload/rotation, which is exactly what a backup tool would do.
Instruction Scope
Instructions and script perform only backup-related actions (status check, tar up selected directories, rclone copy, remote rotation). However the documented default behavior includes backing up credentials/ memory/agents and other sensitive files — this is expected for a full backup but is a privacy/security risk the user must accept or opt out of (the script provides flags to exclude).
Install Mechanism
No install spec; this is an instruction + script skill that relies on existing rclone and openclaw CLI binaries. No remote downloads or package installs are performed by the skill itself.
Credentials
The skill requests no environment variables, which is proportional. It does require filesystem access to /root/.openclaw (to read credentials and other sensitive data) and network access via rclone to whichever remote the operator supplies. SKILL.md examples show passing access_key_id/secret on the command line — an insecure practice that can leak secrets via shell history or process listing; the script itself does not exfiltrate data to unknown endpoints.
Persistence & Privilege
always is false and the skill is user-invocable. It does not modify other skills or global agent settings. The user may add the script to cron (documented) which is normal for backups and not a platform privilege escalation.
Assessment
This skill appears to do what it claims, but it will read and upload sensitive OpenClaw files (including credentials/ memory/agents) to whatever rclone remote you specify. Before installing: (1) ensure you trust the remote storage and use encryption (rclone crypt / server-side encryption), (2) avoid putting access keys on the command line or in crontab — prefer interactive rclone config or secure storage, (3) if you don't want secrets backed up, run the script with --include-credentials=false (and test with --check-only), (4) run the backup under an account with least privilege and review resulting backups to confirm no unwanted data was included, and (5) keep rclone and openclaw CLI up to date. If you need, request the author to add explicit warnings/confirmation before including credentials and to support encrypted backups by default.

Like a lobster shell, security has layers — review code before you run it.

latestvk977fjd2zpbvej41jfecn19tz183ppem

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments