ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Daily Backup System

Automates daily compressed backups of OpenClaw configs, workspaces, env files, and scripts with 7-day rotation and a step-by-step restore guide.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 74 · 0 current installs · 0 all-time installs
by@harvnk
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes a 'daily_backup.sh' that the user should copy and run, but no script or code file is included in the skill bundle. The restore step fetches and runs a remote installer (https://openclaw.ai/install.sh) even though no install spec exists. Missing script + external restore dependency are incoherent with an instruction-only skill that otherwise declares no installs.
!
Instruction Scope
The runtime instructions explicitly collect and archive highly sensitive artifacts — openclaw.json (agent configs), all workspaces, and '.env' files with API keys — and advise extracting a full system tarball at / (tar xzf ... in /), which can overwrite system files. They also instruct executing a remote installer via 'curl | bash' during restore. Those actions expand scope beyond simple local backup guidance and introduce significant risk.
!
Install Mechanism
No install spec in the registry, but the restore guide uses 'curl -fsSL https://openclaw.ai/install.sh | bash' which is equivalent to downloading and executing arbitrary remote code. This is high-risk (download-and-exec) from an external domain not proven in the package, and no checksums or verification are provided.
!
Credentials
The skill requests no credentials but instructs users to back up '.env' files containing API keys and reverse-proxy configs. Storing these sensitive secrets in unencrypted tarballs with 7-day rotation is disproportionate without guidance on encryption, access control, or secure storage. Declaring no required env vars is inconsistent with the claim to handle API keys safely.
Persistence & Privilege
The skill does not set 'always: true' and is user-invocable only; however it instructs the user to create a persistent cron job on the host (0 3 * * * ...), which grants ongoing file-access capability to the provided script. The skill itself does not request elevated platform privileges, but the suggested cron-based persistence merits user review before deployment.
What to consider before installing
Do not install or run this as-is. Key concerns: (1) the backup script referenced (daily_backup.sh) is missing — request the script and review its contents before running; (2) the restore step runs an unsigned remote installer with 'curl | bash' — never run remote install scripts without verifying source and checksums; (3) the instructions archive '.env' and proxy configs (API keys and secrets) in plain tarballs — store backups encrypted and limit access; (4) extracting a full-system tarball at / can overwrite critical files — test restores in an isolated VM before using on production; (5) prefer documented, auditable backup scripts (include the script and its hash), add encryption (gpg or rclone to secure remote storage), and explicit file-permission guidance. Ask the publisher for the missing daily_backup.sh, a checksum and source for the restore install.sh, and an option to encrypt or exclude secrets before deploying.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk970kwdk9m21dk5rngzfzvyvv983743t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Daily Backup System

Automated daily backup of your entire OpenClaw setup with rotation and restore guide.

Use when: you want automatic backups of your OpenClaw configuration, agent workspaces, API keys, scripts, and data — with a one-command restore process.

What it does

Runs daily via cron and creates a compressed backup of:

  • openclaw.json — all agent configs, bindings, channels, crons
  • All agent workspaces (SOUL.md, TOOLS.md, memory/, scripts/)
  • Environment files (.env with API keys)
  • Custom scripts and data pipelines
  • Reverse proxy config (Caddy/Nginx)

Features

  • Compressed tar.gz — typically 200-500MB for a full 12-agent setup
  • 7-day rotation — keeps last 7 backups, auto-deletes older ones
  • Restore guide — auto-generated RESTORE_GUIDE.md with step-by-step instructions
  • Excludes noise — skips node_modules, pycache, session transcripts (too large, regenerated)
  • Zero downtime — runs in background, doesn't interrupt the gateway

Setup

  1. Copy daily_backup.sh to your scripts directory
  2. Edit the workspace paths to match your setup
  3. Add cron: 0 3 * * * /bin/bash /path/to/daily_backup.sh >> /tmp/backup.log 2>&1

Restore (disaster recovery)

# On a fresh VPS
curl -fsSL https://openclaw.ai/install.sh | bash
cd / && tar xzf openclaw-full-backup-YYYY-MM-DD.tar.gz
openclaw gateway start

Full system restored in under 10 minutes.

Tags

backup, disaster-recovery, devops, security, automation, cron, restore

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…