openclaw-all-backup

ReviewAudited by ClawScan on May 10, 2026.

Overview

The skill mostly does what it claims, but it duplicates sensitive OpenClaw data and has an unsafe fallback copy pattern that can silently mis-handle the backup.

Install only if you want a full local copy of your OpenClaw configuration, including credentials and logs. Prefer running it where rsync is available, protect the created ~/.openclawYYYYMMDDHHMMSS directory, and consider fixing the cp fallback before relying on it for critical backups.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium

#ASI02: Tool Misuse and Exploitation

What this means

A user may believe they have a complete backup of OpenClaw credentials and data when the fallback copy actually failed or copied differently than intended.

Why it was flagged

When rsync is unavailable, the script falls back to shell globs for copying all files, including hidden files, and discards errors with '|| true'. Hidden-file globs such as .* are a known fragile pattern, and suppressing errors can make a sensitive backup appear successful even if files were skipped or the copy behaved unexpectedly.

Skill content

cp -a "$SOURCE_DIR"/* "$BACKUP_PATH/" 2>/dev/null || true
cp -a "$SOURCE_DIR"/.* "$BACKUP_PATH/" 2>/dev/null || true

Recommendation

Use rsync as the required path, or replace the cp fallback with a safer bounded command such as copying the directory contents via tar/rsync-equivalent logic without .* and without suppressing real errors.

Low

#ASI03: Identity and Privilege Abuse

What this means

Anyone or anything with access to the backup directory may be able to read copied OpenClaw credentials.

Why it was flagged

The skill explicitly says the backup includes OpenClaw credentials and all other files. This is expected for a full backup, but it creates another local copy of sensitive authentication material.

Skill content

- `credentials/` - 凭据
- 所有其他文件

Recommendation

Store backups in a protected location, keep file permissions restrictive, and delete or encrypt old backups if they contain credentials.

Low

#ASI06: Memory and Context Poisoning

What this means

Restoring an old backup could reintroduce old agent state, logs, tasks, or configuration that the user no longer expects.

Why it was flagged

The backup includes persistent workspace content, agent data, scheduled tasks, and logs. This is purpose-aligned, but those files may contain sensitive context or stale instructions that could be restored later.

Skill content

- `workspace/` - 工作空间（含所有文件）
- `agents/` - Agent 数据
- `cron/` - 定时任务
- `logs/` - 日志文件

Recommendation

Review backups before restoring them, especially agent data and cron/task files, and avoid keeping unnecessary historical copies.