Backup Rotator
PassAudited by ClawScan on May 10, 2026.
Overview
This looks like a coherent offline backup utility, with the main caution that it can delete old backups and run automatically if the user configures cron.
This skill appears safe to install for local backup rotation if you understand that it can delete matching backup files. Use `--dry-run` before real rotation, keep backups in a dedicated directory, verify the configured source and destination paths, and review any cron job before enabling unattended runs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running rotation without checking first could permanently remove backups the user still wanted.
Rotation deletes backup files according to retention rules. This is disclosed and central to the skill, but it is irreversible if the wrong directory or prefix is used.
`--rotate DIR` | Apply retention policy, delete old backups
Run `--dry-run` first, use a dedicated backup directory, and set a specific `--name` prefix before enabling deletion.
Compression may fail or behave differently on systems without a compatible `tar` command.
Compressed directory backups depend on a system `tar` executable even though the registry declares no required binaries. The command is purpose-aligned, but the runtime dependency is under-declared.
subprocess.run(["tar", "-czf", str(backup_path), "-C", str(source.parent), source.name], capture_output=True, text=True)
Install or verify `tar` before using `--compress`, or prefer uncompressed/file backups if the environment is uncertain.
A cron job can keep creating and deleting backups on a schedule until the user removes or changes it.
The documentation shows how to schedule recurring automated backup, rotation, and verification through cron. This is user-directed and disclosed, but it continues outside the chat session once configured.
0 2 * * * cd /home/user && python3 skills/backup-rotator/scripts/backup_rotator.py --cron /home/user/configs/backup-postgres.json >> /var/log/backup-rotator.log 2>&1
Review the config file and logs, use least-privileged permissions, and remove the cron entry if automated rotation is no longer desired.