Clawdbot Skill Update
v1.0.2Comprehensive backup, update, and restore workflow with dynamic workspace detection
⭐ 6· 3.3k·25 current·25 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name and description match what the scripts do: dynamic detection of agent workspaces, full backup, restore, and update checks against ~/code/clawdbot. One minor inconsistency: the SKILL.md metadata declares required binaries (bash, jq, tar, git) but the instructions and workflow also expect 'pnpm' (used to stop/start/build the gateway) and examples reference 'sponge' — those are not listed. This is likely an omission but should be noted before install.
Instruction Scope
The SKILL.md and included scripts explicitly read/wrap files under ~/.clawdbot (config, sessions, agents, credentials, cron, sandboxes) and arbitrary workspaces whose paths are read from ~/.clawdbot/clawdbot.json. They also interact with ~/code/clawdbot (git/pnpm). All of these actions are within the stated scope of backing up and restoring Clawdbot state. Note: restore extracts into the configured workspace paths and will overwrite those locations (the script prompts for confirmation).
Install Mechanism
There is no install spec and this is an instruction-only skill containing plain shell scripts — no remote downloads, package installs, or archive extractions pulled from external URLs. That minimizes install-time risk.
Credentials
The skill requests no environment variables or external credentials, and it does not call out any remote endpoints for exfiltration. However, by design it reads and archives sensitive local data (credentials, auth tokens, agent workspaces). That is proportional to its backup/restore purpose but is sensitive — users should expect backups to contain secrets and protect the backup directory accordingly.
Persistence & Privilege
The skill is not marked always:true and does not try to modify other skills or system-wide agent settings. It operates on user-owned files and directories and calls locally-available tools (git/pnpm). The scripts will write backups to ~/.clawdbot-backups and can overwrite workspace paths during restore — that is expected for a restore tool.
Assessment
This skill appears to be what it claims: a local backup/update/restore tool for Clawdbot. Before running it: 1) Review the scripts yourself (they will read and archive ~/.clawdbot and any workspaces listed in your config, including credentials and auth tokens). 2) Run the dry-run script first (~/.skills/clawdbot-update/backup-clawdbot-dryrun.sh) to verify which paths will be archived. 3) Ensure you have pnpm (and sponge if you plan to use the SKILL.md examples) available — SKILL.md calls pnpm for stopping/starting/building and examples use sponge, but those binaries are not listed in the metadata. 4) Protect the backup directory (~/.clawdbot-backups) — backups will contain secrets. 5) Test restore in a safe environment if possible; restores will overwrite files and workspaces. If you do not fully trust the source, don’t run the full backup/restore on a production system until you’ve inspected the scripts locally.Like a lobster shell, security has layers — review code before you run it.
latestvk973mxns30vp499wa408wg4ags7yvkmv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
💾 Clawdis
Binsbash, jq, tar, git