OC Backup
v1.1.0备份 OpenClaw 关键配置文件、核心数据和自定义技能,支持全量及分类备份,自动管理备份文件保留和清理。
⭐ 0· 75·0 current·0 all-time
byFrankMei@neverland83
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (OpenClaw backup) aligns with the code and SKILL.md: the script collects files from ~/.openclaw (openclaw.json, .env, workspace, skills, cron, devices, memory) and produces tar.gz backup packages and manifests. No unrelated services, cloud APIs, or extraneous credentials are requested.
Instruction Scope
Instructions are focused on creating backups, using node scripts and optional cron scheduling. They explicitly reference backing up .env (marked sensitive) and other core files. The skill does read and package sensitive local files (.env with API keys) — this is expected for a backup tool but is important to note because backups will contain secrets. The SKILL.md does not instruct any network transmissions or access to unrelated system paths.
Install Mechanism
No automated remote install downloads are included in the registry metadata — it's an instruction+script package. Dependencies are standard npm modules (commander, fs-extra, tar, dayjs) declared in package.json; SKILL.md suggests running npm install locally. No obscure external URLs or archive-extract installs are used.
Credentials
The skill requests no environment variables or credentials and does not require additional secrets to run. However, it will back up the user's .env file (which contains API keys), so the resulting backups contain sensitive credentials. The config examples mention notification channels and an optional encryptionKey, but no credentials or webhooks are required by default — enabling notifications would likely require additional configuration (not declared as required here).
Persistence & Privilege
always is false and the skill does not request permanent system-level privileges. It does file-system operations confined to the ~/.openclaw area and the configured output directory. The script can delete old backups from the backup output directory (clean operation), which is expected behavior for a backup tool.
Assessment
This skill is coherent for backing up OpenClaw files and does not request external credentials. Before installing: 1) Review and run the script in dry-run mode to see what it will include; 2) remember backups will contain .env and other secrets — store backup files securely (encrypt them or use secure storage); 3) if you enable notifications or encryption in config, ensure any webhook tokens or keys are provided securely (the skill does not declare required env vars for those); 4) test restore in a safe environment before relying on automated restores; 5) note a functional inconsistency: the cleanup routine appears to look for backup directories named openclaw-backup-*, while backups are described as tar.gz files — confirm cleanup behavior on your system to avoid leaving old tar.gz files or accidentally deleting unexpected directories. If you want extra assurance, have someone you trust review scripts/backup.js and run with --dry-run and limited output-dir first.Like a lobster shell, security has layers — review code before you run it.
latestvk976q0rdxnawqg1h1njjt90yzx83pk29
License
MIT-0
Free to use, modify, and redistribute. No attribution required.