OpenClaw Smart Backup
Review
Audited by ClawScan on May 13, 2026.
Overview
The backup tool is purpose-aligned, but its visible exclusion logic appears flawed: it could archive sensitive key files, and files reached through symlinks, that users would expect it to skip.
Before installing or running, use the documented dry-run mode, review which files would be archived, avoid workspaces containing symlinks to sensitive locations, store backup archives securely, and consider fixing the wildcard and symlink exclusion logic.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private keys, certificates, or secret files in the workspace could be backed up even though the configuration appears to exclude them.
The default exclusions include wildcard patterns for secret/key/certificate files, but the code stores the excluded_files entries in a set and excludes a file only when its lowercased name is literally equal to one of them. A wildcard entry such as "*.pem" can therefore only ever match a file actually named "*.pem"; files such as id_rsa.pem or api.key never match and may be included in the archive.
"excluded_files": [".env.local", ".env.development", ".env.production", "*.local", "*.secret", "*.key", "*.pem", "*.crt"] ... self.files: Set[str] = set(...) ... if name_lower in self.files:
Run a dry-run first, inspect the file list, and fix or override exclusions so wildcard secret patterns are actually matched before creating real backups.
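The following is an added example, not the skill's own code, showing why the exact-name lookup quoted above lets the wildcard entries fall through, beside a glob-aware check that honours them. The exclusion list is the one quoted in the finding; the workspace listing, the function names and the dead_patterns sanity check are constructed for illustration.

```python
from fnmatch import fnmatch
from pathlib import PurePath
from typing import Callable, Iterable, List

# Exclusion list as quoted in the finding above.
EXCLUDED_FILES: List[str] = [
    ".env.local", ".env.development", ".env.production",
    "*.local", "*.secret", "*.key", "*.pem", "*.crt",
]

# Constructed sample workspace listing for the dry run; not a real workspace.
SAMPLE_FILES: List[str] = [
    "README.md", ".env.local", ".env.production", "id_rsa.pem",
    "api.key", "server.crt", "notes.txt", "config.secret",
]

GLOB_CHARS = "*?["


def excluded_by_exact_name(name: str, patterns: Iterable[str]) -> bool:
    """Mirrors the flawed check: the lowercased filename is looked up in a set
    built from the raw entries. A wildcard entry such as '*.pem' can only match
    a file literally named '*.pem', so the secret patterns are dead weight."""
    files = {p.lower() for p in patterns}
    return name.lower() in files


def excluded_by_glob(name: str, patterns: Iterable[str]) -> bool:
    """Hardened check: every entry is treated as a shell-style glob, so
    '*.pem' matches 'id_rsa.pem' and literal entries still match themselves.
    Both sides are lowercased so the result does not depend on the host OS."""
    name_lower = name.lower()
    return any(fnmatch(name_lower, p.lower()) for p in patterns)


def dead_patterns(patterns: Iterable[str]) -> List[str]:
    """Entries containing glob metacharacters, which can never match under
    exact-name comparison; a quick sanity check for any exclusion list."""
    return [p for p in patterns if any(c in p for c in GLOB_CHARS)]


def archive_list(names: Iterable[str],
                 check: Callable[[str, Iterable[str]], bool],
                 patterns: Iterable[str] = EXCLUDED_FILES) -> List[str]:
    """Dry-run view: the files that would be written to the archive under a
    given exclusion check. Only the final path component is compared, since
    the quoted check compares filenames rather than full paths."""
    pats = list(patterns)
    return [n for n in names if not check(PurePath(n).name, pats)]


if __name__ == "__main__":
    print("patterns that never match by exact name:", dead_patterns(EXCLUDED_FILES))
    print("archived (exact-name check):", archive_list(SAMPLE_FILES, excluded_by_exact_name))
    print("archived (glob check):      ", archive_list(SAMPLE_FILES, excluded_by_glob))
```

Running the dry run with the exact-name check archives id_rsa.pem, api.key, server.crt and config.secret; the glob check leaves only README.md and notes.txt. The dead_patterns helper is the quickest way to confirm, before a real backup, whether an exclusion list contains wildcards that the matching code will never honour.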
A symlink or junction inside the OpenClaw workspace could cause unexpected files outside the intended backup scope to be included or represented in the archive.
The code resolves the path before checking whether it is a symlink or Windows junction. Resolving follows the link, so the later check runs against the target path, which is an ordinary file or directory and not a symlink; the link is therefore archived (with the target's contents) even though the skill claims symlinks are skipped.
file_path = file_path.resolve() ... if file_path.is_symlink() or self._is_junction(file_path):
Check for symlinks before using the skill, use dry-run mode, and update the script to test is_symlink/reparse-point status before resolving paths.
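The following is an added example, not the skill's own code, that builds a throwaway workspace containing a symlink to a placeholder key outside it and runs the two check orders over it. The resolve-then-check collector mirrors the order quoted in the finding; the check-then-resolve collector is the suggested fix, with an extra containment test on the real path. The directory layout, file names and function names are constructed for illustration, and creating the symlink requires symlink permission (any POSIX user; Developer Mode or admin rights on Windows).

```python
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def collect_resolve_first(root: Path) -> List[str]:
    """Mirrors the flawed order: resolve() first, then is_symlink() on the
    result. resolve() follows the link, so the check sees the target (an
    ordinary file) and the target's contents end up in the archive."""
    kept: List[str] = []
    for entry in sorted(root.rglob("*")):
        entry = entry.resolve()
        if entry.is_symlink() or not entry.is_file():  # is_symlink() is always False here
            continue
        kept.append(str(entry))
    return kept


def collect_check_first(root: Path) -> List[str]:
    """Hardened order: test the directory entry as found on disk before
    resolving it, then additionally refuse anything whose real location lies
    outside the workspace. (On Windows a junction is a reparse point that
    is_symlink() does not report; Python 3.12 adds Path.is_junction() for it.)"""
    root_real = root.resolve()
    kept: List[str] = []
    for entry in sorted(root.rglob("*")):
        if entry.is_symlink():              # checked on the unresolved path
            continue
        real = entry.resolve()
        if not real.is_file():
            continue
        if root_real not in real.parents:   # escaped the workspace some other way
            continue
        kept.append(str(real))
    return kept


def build_demo_workspace() -> Tuple[Path, Path]:
    """Constructed sample layout (not a real OpenClaw workspace): a temporary
    directory holding one ordinary file and one symlink that points at a
    'private key' placeholder stored outside the workspace."""
    base = Path(tempfile.mkdtemp(prefix="clawscan-demo-"))
    outside = base / "outside"
    outside.mkdir()
    secret = outside / "id_rsa"
    secret.write_text("-----CONSTRUCTED PLACEHOLDER, NOT A KEY-----\n")
    workspace = base / "workspace"
    workspace.mkdir()
    (workspace / "notes.txt").write_text("ordinary workspace file\n")
    (workspace / "leaked_key").symlink_to(secret)
    return workspace, secret


def compare_orders() -> Dict[str, List[str]]:
    """Run both collectors over the demo workspace and report, by basename,
    what each one would archive."""
    workspace, _secret = build_demo_workspace()
    return {
        "resolve_first": [Path(p).name for p in collect_resolve_first(workspace)],
        "check_first": [Path(p).name for p in collect_check_first(workspace)],
    }


if __name__ == "__main__":
    for order, names in compare_orders().items():
        print(f"{order}: {names}")
```

With the quoted order, the archive list contains id_rsa (the out-of-workspace target reached through leaked_key) alongside notes.txt; with the check done on the unresolved entry, only notes.txt survives. The containment test on real.parents is a second line of defence: it catches a workspace that itself sits behind a link, or a hard link case, that a symlink check alone would not.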
Users have less independent assurance about where the script came from or how to verify updates.
The registry metadata does not provide a source repository or homepage, which limits provenance verification for a skill that runs a local backup script.
Source: unknown; Homepage: none
Prefer installing from a trusted publisher, review the bundled script, and verify the full source before relying on backups.
