Backup Full System

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This backup skill does what it advertises, but it can collect very sensitive local and privileged configuration data and upload it to Google Drive without clear exclusions, encryption, or scope controls.

Install only if you intentionally want a full, sensitive system backup uploaded to your configured Google Drive. Before running it, inspect and edit the script paths and rclone remote, exclude secrets such as tokens and session files, encrypt the archive, and avoid enabling cron unless you want recurring automatic uploads.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your cloud backup could contain login/session material or network identity configuration, not just ordinary OpenClaw data.

Why it was flagged

The script copies broad user configuration and privileged Tailscale configuration, then uploads the resulting archive to a cloud remote; these locations can contain tokens, account state, or other credentials.

Skill content

cp -r ~/.config $TMP_DIR/user_configs 2>/dev/null
sudo cp -r /etc/tailscale $TMP_DIR/etc_tailscale 2>/dev/null
rclone copy $BACKUP_DIR/$FILENAME gdrive:OpenClaw_Backups

Recommendation

Review the archive contents before uploading, exclude credential/session directories, avoid copying privileged auth state unless necessary, and prefer encrypted backups with a user-selected destination.

What this means

Private OpenClaw memory, conversations, configuration, and database contents may be preserved and uploaded for later reuse or exposure if the cloud account or archive is accessed by others.

Why it was flagged

The archive includes the .openclaw directory plus collected system information; according to the skill description, this includes database, configuration, and memory data, which may contain private agent context.

Skill content

SOURCE_NAME=".openclaw"
sudo tar -czf $BACKUP_DIR/$FILENAME -C $PARENT_DIR $SOURCE_NAME full_system_info

Recommendation

Define exactly which OpenClaw data should be backed up, encrypt the archive before upload, document retention, and exclude sensitive memory or secrets that are not needed for recovery.

What this means

Running the skill on a different machine or account could back up the wrong directory, fail unpredictably, or send sensitive data to a preconfigured Google Drive remote.

Why it was flagged

The script performs a privileged archive and cloud upload using hard-coded local and remote targets, without checking that the current user approved those exact paths or destination.

Skill content

PARENT_DIR="/home/jackie_chen_phong"
FILENAME="Ultimate_Snapshot_$DATE.tar.gz"
sudo tar -czf $BACKUP_DIR/$FILENAME -C $PARENT_DIR $SOURCE_NAME full_system_info
rclone copy $BACKUP_DIR/$FILENAME gdrive:OpenClaw_Backups

Recommendation

Make the source path and cloud remote explicit user inputs, show a dry-run list of files before upload, and require confirmation before privileged archive and upload steps.

What this means

A user may trust the backup as safe while it can still include sensitive keys or tokens in the uploaded archive.

Why it was flagged

The documentation claims the script is designed not to expose secret keys if configured correctly, but the included script broadly copies configuration directories and privileged Tailscale files without visible secret filtering or encryption.

Skill content

**Security:** The script has been designed not to expose secret keys during compression if configured correctly.

Recommendation

Remove or qualify the safety claim, document exactly which secrets are excluded, and implement enforceable secret exclusions or encryption before upload.

What this means

You must install and configure external tools yourself, and the security of the upload depends on the rclone remote you configure.

Why it was flagged

The skill depends on system packages and rclone configuration even though the registry requirements declare no required binaries or credentials; this is expected for cloud backup but should be visible to users.

Skill content

sudo apt update && sudo apt install -y tar zip rclone
...
rclone config

Recommendation

Verify the package source, configure rclone to a trusted account, and ensure registry metadata accurately declares required tools and cloud credentials.

What this means

If scheduled, the backup may continue uploading new archives even after the original manual run.

Why it was flagged

The documentation suggests optional scheduled backups; this is user-directed and purpose-aligned, but it can create recurring background uploads if configured.

Skill content

**Periodic:** You can combine this with the `cron` tool to schedule automatic weekly backups.

Recommendation

Only add a cron job if you want recurring backups, document the schedule, and periodically review what is being uploaded.