backup
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent backup workflow, but it would automatically preserve full chat history and configuration data, run generated backup scripts, and sync that data to cloud targets, so it needs careful review before use.
Install only if you intentionally want OpenClaw to archive full conversations and configuration files across sessions. Before enabling automation, review the generated scripts, use a private/encrypted backup destination, limit the GitHub token to one repository, add exclusions for secrets or personal data, and decide whether automatic reset/backup should require confirmation.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private chat content, secrets accidentally mentioned in chat, and long-term memory can be stored indefinitely, reused in future sessions, and copied to cloud backup locations.
The workflow explicitly stores full conversation content and all memory history, then includes those files in backups; the artifacts do not describe redaction, exclusions, retention, or deletion controls.
Read the complete history of the current session (via sessions_history or an internal API) ... includes: timestamp, role, content, message_id ... backup contents ... memory/: all history record files
Before enabling, add clear retention and deletion rules, exclude or redact sensitive content, and confirm that any GitHub backup repository is private or encrypted.
The agent may reset the current session or push updated archives/configuration to backup targets at scheduled or state-based triggers without the user noticing each time.
The configured workflow performs high-impact actions automatically after setup, including session reset and backup execution, without requiring confirmation for each event.
Perform automatic reset (no user confirmation required) ... automatic backup task (checked on every HEARTBEAT) ... if `pendingChanges == true`: run the backup immediately ... if the last backup was more than **12 hours** ago: run the backup script
Require a dry-run summary and explicit approval for the first backup, automatic reset, and any backup that includes newly sensitive files; provide a simple disable switch.
A generated or wrong-path script could copy, upload, or modify files in ways the user did not review, especially because the workflow is designed to run it automatically.
The workflow later executes a PowerShell backup script, but no script implementation is included in the supplied package for review, and the example path is hard-coded to a specific user directory.
Run the backup script:
```powershell
& "C:\Users\will\.openclaw\workspace\scripts\backup.ps1"
```
Review the generated PowerShell scripts before enabling automatic execution, remove hard-coded user paths, and keep execution policies as restrictive as possible.
If the token is exposed, someone could access repositories within the token's scope.
A GitHub token is expected for GitHub backup, but the docs suggest repo-scoped access and embedding the token in the remote URL, which can leave credentials in local Git configuration or shell history.
Confirm the token has repo permission ... git remote set-url origin https://[TOKEN]@github.com/[USERNAME]/openclaw-backup.git
Use a fine-grained token limited to the backup repository, prefer Git credential manager or SSH over embedding tokens in URLs, and do not paste tokens into shared logs.
