Openclaw Backup

Review: Audited by ClawScan on May 10, 2026.

Overview

This looks like a legitimate local OpenClaw backup tool, but it backs up API keys and has cleanup/config handling that could delete unrelated files or run unexpected shell commands if misconfigured.

Use this only with a dedicated, private backup directory. Do not point the old-backup path at your home, documents, desktop, root, or any shared folder. Treat every backup as containing API keys and identity data, protect or encrypt it, and inspect/fix the shell config handling before relying on automated backups. Windows users should not run the referenced PowerShell scripts unless they obtain and review them separately.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who can access the backup location may be able to read API keys or identity-related OpenClaw data.

Why it was flagged

The skill clearly discloses that it backs up OpenClaw credential files containing API keys. This is purpose-aligned for a full configuration backup, but it creates sensitive backup copies.

Skill content

| credentials/ | Credential files (contain API keys) |
...
1. credentials/ contains sensitive information - keep backups safe

Recommendation

Use a private, access-restricted or encrypted backup directory, avoid shared/cloud-synced folders unless encrypted, and rotate keys if a backup is exposed.

What this means

If the old-backup directory is set to a general folder such as a home or documents directory, cleanup could permanently delete unrelated data.

Why it was flagged

The cleanup routine deletes immediate subdirectories under the configured old-backup root without confirming they are actually backups. Because the old-backup path is configurable, a broad or mistaken path could cause unrelated folders to be removed.

Skill content

ls -tdr "$OLD_BACKUP_ROOT"/*/ | while read dir; do
    ...
    rm -rf "$dir"
    echo "[DELETED] $BASENAME"
done

Recommendation

Only use a dedicated backup directory. The maintainer should refuse dangerous paths, verify backup markers or timestamp names before deletion, add a dry-run/confirmation mode, and avoid deleting anything outside the skill’s own backup tree.

What this means

A malicious or malformed configuration value could cause commands to run when the backup script starts.

Why it was flagged

The setup script writes raw user-entered paths and numbers into config.sh as shell syntax; backup.sh later sources that file. Special characters, injected lines, or non-numeric values could turn configuration data into shell commands.

Skill content

read -p "   Enter number (press Enter for default): " keep_count
...
cat > "$config_file" << EOF
BACKUP_ROOT="$backup_root"
OLD_BACKUP_ROOT="$old_backup_root"
...
KEEP_COUNT=$keep_count
MAX_OLD_SIZE_GB=$max_old_size_gb
EOF

Recommendation

Store configuration as data rather than sourced shell, or strictly validate numeric fields and safely escape path values, for example with printf %q or a structured config format.

What this means

Windows users may need to fetch or run scripts that are not covered by this review, and ExecutionPolicy Bypass reduces PowerShell’s normal script-execution guardrails.

Why it was flagged

The documentation tells Windows users to run PowerShell scripts, but the provided file manifest only includes scripts/backup.sh and scripts/setup.sh. Those Windows scripts were not available for review in this artifact set.

Skill content

| Windows | scripts/backup.ps1 |
...
powershell -ExecutionPolicy Bypass -File "scripts/setup.ps1"

Recommendation

Include the Windows scripts in the reviewed package or remove the Windows instructions. Users should inspect any external PowerShell files before running them.