agent-backup-transfer

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a real local backup tool, but restoring an unverified backup can overwrite files and the backups may contain sensitive agent memory, identity, and configuration data.

Use this skill only if you need local OpenClaw backups or migration. Keep backup archives private, prefer encrypted transfer/storage, and restore only archives you personally created and trust. Be cautious with the optional hook or cron setup because it can keep producing sensitive backups.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the backup file is corrupted or tampered with, restoring it could overwrite agent files or other files under the user's home directory.

Why it was flagged

The restore command extracts a user-provided archive directly into the home directory with no archive-entry validation, staging directory, path allowlist, or manifest check.

Skill content

echo "   Existing files may be overwritten."
read -p "Continue? (y/n) " -n 1 -r
...
cd "$HOME"
tar -xzf "$BACKUP_FILE"

Recommendation

Only restore backups you created and trust. The skill should extract to a temporary directory first, reject absolute paths and '..' entries, allow only expected .openclaw paths, and ideally create a pre-restore snapshot.

What this means

Anyone with the backup may be able to recover or impersonate parts of the user's OpenClaw agent identity or configuration.

Why it was flagged

The backup intentionally includes OpenClaw identity and configuration files, which may function like profile or session data depending on the user's setup.

Skill content

.openclaw/workspace \
.openclaw/openclaw.json \
.openclaw/identity \
.openclaw/agents

Recommendation

Treat backup archives like sensitive credentials: store them privately, encrypt them before transfer, and do not share them through untrusted channels.

What this means

A leaked backup could expose private agent memory or files, and a tampered backup could affect future agent behavior after restore.

Why it was flagged

The skill packages persistent agent memory and suggests broad transfer options without emphasizing encryption, integrity checks, or sensitivity of the contents.

Skill content

Workspace — `~/.openclaw/workspace/` (agent memory, identity, files)
...
Copy the `.tar.gz` file to new computer
- USB drive, cloud sync, email, Discord... whatever works

Recommendation

Use trusted transfer methods, encrypt backups before uploading or messaging them, and verify the archive source before restoring.

What this means

If enabled, backups may be created repeatedly and continue to store sensitive agent data until the hook or cron job is removed.

Why it was flagged

The optional setup writes a hook script and recommends a cron entry that can keep creating backups over time.

Skill content

cat > "$WORKSPACE_DIR/.hooks/post-memory-save.sh" << 'HOOK'
...
"$BACKUP_SCRIPT" create
...
echo "   # Add: 0 2 * * * ~/.openclaw/workspace/skills/openclaw-backup/openclaw-backup.sh create"

Recommendation

Enable auto-backup only if you want recurring backups, and remember to remove the hook or cron entry if you no longer need it.