Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

iScandium OpenClaw Samba Backup

v1.0.0

Backs up OpenClaw data to a remote Samba server. Triggered when the user mentions 「备份 openclaw」 ("back up openclaw") or 「设置自动备份」 ("set up automatic backup").

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (Samba backup) matches the included files and behavior: the script mounts a CIFS share and copies OpenClaw data there. The included config fields (Samba username/password, target IP/share) are expected for this purpose.
Instruction Scope
SKILL.md and the script are narrowly scoped to mounting a Samba share and copying files. The runtime instructions reference the repo-local config and the script path and instruct adding a cron job — all within the backup purpose. Minor inconsistency: SKILL.md suggests copying config/default.json.example, but the file manifest contains config/default.json (no `.example`) — could confuse first-run users.
Install Mechanism
This is an instruction-only skill with a shell script; no install spec or external downloads. Dependency is cifs-utils (apt), which is appropriate for SMB mounts. Low installation risk from the registry standpoint.
Credentials
The script requires two sensitive secrets in a local JSON (target_share_password and source_admin_password). Storing the local administrator password in plaintext within the skill config and repeatedly piping it into sudo (-S) is disproportionate and increases credential exposure. While a root/sudo approach is necessary to mount and create directories, safer alternatives (root-run, limited sudoers rules, credential files with tight perms, or using a mount credentials file) are not used or suggested.
Persistence & Privilege
always:false and no background/agent-wide changes are requested. The skill does not modify other skills or system-wide agent settings. It instructs the user how to add a cron job via OpenClaw, which is a user action.
What to consider before installing
This skill appears to do what it says (copy OpenClaw files to a Samba share), but it has important security weaknesses: it asks you to put the SMB password and your server admin (sudo) password in a plaintext JSON and then feeds that admin password to sudo repeatedly. Before installing or enabling automated runs:
1) Do NOT store admin passwords in plaintext if you can avoid it — prefer running the script as root, using a credentials file for mount.cifs with chmod 600, or creating a sudoers entry that allows only the necessary mount/cp/rm commands without a password.
2) Inspect and test the script in a safe environment (non-production) to verify mount points and paths — misconfiguration could cause accidental deletions (the script runs rm -rf on backup directories).
3) Limit the SMB server IP to a trusted host and rotate credentials after testing.
4) Consider improving the script (use a credentials file, use rsync instead of cp to preserve metadata, use jq for robust JSON parsing, avoid echoing passwords).
If you are not comfortable storing or managing the required passwords securely, do not enable automatic execution or cron scheduling for this skill.
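The credentials-file alternative named above, sketched as an added example (this is not the skill's backup.sh). The function names, file paths, share address and credentials are constructed placeholders; `credentials=` and `vers=` are standard mount.cifs options.

```shell
#!/usr/bin/env bash
# Added example, not the skill's backup.sh. Function names, paths, the share
# address and the credentials are constructed placeholders.

# Write a mount.cifs credentials file that only its owner can read.
write_cifs_credentials() {
    local file=$1 user=$2 pass=$3
    (
        umask 077   # created 0600, never briefly readable by group/others
        printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$file"
    )
    chmod 600 "$file"   # also tightens a file that already existed
}

# Print a file's octal mode (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Refuse a credentials file that group or others can access.
check_cifs_credentials() {
    local mode
    mode=$(file_mode "$1") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) echo "refusing $1: mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# Build the -o option string; the password itself never appears in it,
# so it does not show up in the process list or in shell traces.
cifs_mount_options() {
    local file=$1 vers=$2
    check_cifs_credentials "$file" || return 1
    printf 'credentials=%s,vers=%s' "$file" "$vers"
}

# Usage with constructed values. The mount still needs root: run the job from
# root's crontab or through a sudoers rule limited to this one command.
#   write_cifs_credentials /root/.smb-openclaw backupuser 'example-password'
#   opts=$(cifs_mount_options /root/.smb-openclaw 2.0)
#   mount -t cifs //192.0.2.10/backups /mnt/iscandium-openclaw-samba-backup -o "$opts"
```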

Like a lobster shell, security has layers — review code before you run it.

MIT-0

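OpenClaw Samba Backup

Trigger conditions

Keyword | Action
「备份 openclaw」 ("back up openclaw"), 「backup openclaw」 | Run the full backup workflow
「自动备份」 ("automatic backup"), 「定时备份」 ("scheduled backup") | Set up a scheduled task

Execution mode

Option | Description
✅ Automatic execution | Runs the backup immediately when triggered, with no step-by-step confirmation

Configuration

Configuration file: config/default.json (parameters are described in config/params_schema.json)

Before first use, copy the configuration template: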

cp config/default.json.example config/default.json
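Parameter | Description
target_server_ip | Samba server IP
target_share_name | Name of the shared folder
target_share_username | Samba username
target_share_password | Samba password
source_admin_username | Administrator username on this server
source_admin_password | Administrator password (used for sudo)
max_backups | Number of backups to keep (default 7)
source_dir | Backup source path (default ~/.openclaw)
target_folder | Target folder name (default: hostname)
mount.vers | SMB version (default 2.0)
mount.mount_point | Mount point (default /mnt/iscandium-openclaw-samba-backup)

Workflow (1 step)

Step | Responsibility | Executor document | Input | Output
01 | Run the backup script | scripts/backup.sh | config/default.json | Samba share directory

Backup location

//{target_server_ip}/{target_share_name}/{target_folder}/{timestamp}/

Running a backup

bash ~/.openclaw/workspace/skills/iscandium-openclaw-samba-backup/scripts/backup.sh

Scheduling backups

After the initial configuration, use OpenClaw's built-in cron: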

openclaw cron add \
    --name "OpenClaw Samba 备份" \
    --cron "0 3 * * *" \
    --tz "<your-timezone>" \
    --message "运行备份:bash ~/.openclaw/workspace/skills/iscandium-openclaw-samba-backup/scripts/backup.sh" \
    --session isolated \
    --agent <your-agent> \
    --timeout-seconds 600 \
    --no-deliver

Dependencies

  • cifs-utils (Samba client)
sudo apt install cifs-utils

Directory structure

iscandium-openclaw-samba-backup/
├── SKILL.md
├── config/
│   ├── default.json           # private configuration (not published)
│   ├── default.json.example  # configuration template
│   └── params_schema.json    # parameter schema
└── scripts/
    └── backup.sh             # backup script
