Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Backup Manager

v1.0.0

Manage local and cloud backups with listing, creating, restoring, scheduling, and monitoring using Time Machine, rsync, cron, and rclone integration.

by pp@ppopen
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name/description match the operations shown (rsync, Time Machine, cron, rclone). However the SKILL.md repeatedly references a backup-manager CLI at ~/.openclaw/workspace/skills/backup-manager/backup-manager and suggests git clone from a GitHub repo, yet no code, binary, install spec, homepage, or source URL are included in the package. That makes the declared capability dependent on an external/unverified binary and is an unexplained gap.
Instruction Scope
The instructions operate squarely on backups: listing, creating (rsync), restoring, scheduling (cron), and cloud sync (rclone) and reference a config at ~/.config/openclaw/backups.json. These are within the stated purpose. However the instructions would cause the agent to execute system-level operations (tmutil, diskutil, rsync, cron changes, rclone) that can modify or overwrite user files and schedules; SKILL.md assumes a CLI will perform these without providing or verifying its implementation.
Install Mechanism
There is no install spec (instruction-only skill), which reduces supply-chain risk. Conversely, the SKILL.md claims an executable exists in the OpenClaw workspace and README recommends cloning a GitHub repo — but no repository URL or packaged code is provided. The lack of a bundled or referenced trusted release is an inconsistency and means the skill relies on external installation or an unverified binary.
Credentials
The skill does not request environment variables or credentials. Cloud sync is delegated to rclone and the SKILL.md directs the user to run `rclone config` (so credentials are managed by rclone, not the skill). No unrelated secrets or multiple credentials are requested in the package metadata.
Persistence & Privilege
always is false (good). The skill can be invoked autonomously (platform default). Because the skill's actions include creating/restoring backups and modifying cron, autonomous execution could be high-impact if the underlying CLI is malicious or buggy. There is no indication the skill tries to change other skills' configs or request permanent presence.
What to consider before installing
This skill appears to describe a legitimate backup manager but is missing the actual implementation and any verified source. Before installing or running:

  1. Confirm where the backup-manager CLI binary comes from — obtain it from a trusted repository or vendor and inspect the code/binary (do not run unreviewed binaries).
  2. If you proceed, review the binary's source or run it in a sandbox/VM first to verify it only performs expected rsync/tmutil/rclone operations.
  3. Be aware the skill will read and write your ~/.config/openclaw/backups.json, can schedule cron jobs, and can restore files (which may overwrite data) — back up critical data elsewhere first.
  4. Ensure rclone is configured separately so cloud credentials remain under your control.
  5. If the author/published source (repo, release, homepage) is provided, re-run this evaluation with that URL or the code so provenance can be verified; having the actual source would raise confidence and could change the verdict to benign.

Like a lobster shell, security has layers — review code before you run it.

latest vk979dn86vrk17g4b6rxtseb12h82ezfc
355 downloads
0 stars
1 version
Updated 8h ago
v1.0.0
MIT-0

backup-manager Skill

Manage local and cloud backups — list status, create backups, restore, monitor health.

Installation

This skill is automatically available in OpenClaw. The backup-manager CLI is located at:

~/.openclaw/workspace/skills/backup-manager/backup-manager

Commands

List Backups

backup-manager list

Lists all backups including Time Machine, configured backups, and rsync snapshots.

Create Backup

backup-manager create <name> <source> <destination>

Creates a new backup from source to destination.

Examples:

# Backup home directory
backup-manager create home /Users/pp /Volumes/Backup/home

# Backup documents
backup-manager create documents ~/Documents /Volumes/Backup/docs

# Backup to network location
backup-manager create server ~/Documents /mnt/server/backup

Check Status

backup-manager status

Shows backup status including:

  • Time Machine status
  • Last backup times
  • Disk space availability
  • Configured backup destinations

Restore from Backup

backup-manager restore <source> <destination>

Restores files from a backup location to a destination.

Examples:

backup-manager restore /Volumes/Backup/home /Users/pp

Schedule Backups

# List scheduled backups
backup-manager schedule list

# Add a schedule (cron expression)
backup-manager schedule add <backup-name> "<cron>"

# Remove a schedule
backup-manager schedule remove <backup-name>

Cron Examples:

# Daily at 2 AM
backup-manager schedule add daily-home '0 2 * * *'

# Weekly on Sundays at 3 AM
backup-manager schedule add weekly-docs '0 3 * * 0'

# Every 6 hours
backup-manager schedule add frequent '0 */6 * * *'

Cloud Backup (rclone)

# Check cloud status
backup-manager cloud status

# Sync to cloud
backup-manager cloud sync <remote-name> <local-path>

Rclone Examples:

# Configure a remote (run once)
rclone config

# Sync local folder to Google Drive
backup-manager cloud sync mydrive /Users/pp/Backup

# Sync to S3
backup-manager cloud sync s3-backup /Users/pp/Backup

Configuration

The configuration file is stored at:

~/.config/openclaw/backups.json

Structure:

{
  "backups": [
    {
      "name": "home",
      "source": "/Users/pp",
      "destination": "/Volumes/Backup/home",
      "last_run": "2024-01-15T02:00:00-08:00"
    }
  ],
  "schedules": [
    {
      "name": "schedule-1",
      "backup_name": "home",
      "cron": "0 2 * * *"
    }
  ],
  "cloud": {
    "rclone": {
      "enabled": false,
      "remote": ""
    }
  }
}
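
An added example, not part of the skill or the scan: a Python check over the backups.json structure shown above, meant to be run before a CLI is allowed to act on the file. The function name and the rules it applies (absolute paths, destination not nested in source, schedules naming a defined backup, five plain cron fields, rclone enabled only with a remote) are assumptions of this example, not documented behaviour of backup-manager.

```python
import json
import re
from pathlib import PurePosixPath

# A cron field limited to digits and * , / - (no names, no shell characters).
CRON_FIELD = re.compile(r"[0-9*,/-]+")

def audit_config(cfg):
    """Return findings for a parsed backups.json; an empty list means clean."""
    findings, names = [], set()
    for b in cfg.get("backups", []):
        name = b.get("name", "")
        names.add(name)
        src = PurePosixPath(b.get("source", ""))
        dst = PurePosixPath(b.get("destination", ""))
        for key, path in (("source", src), ("destination", dst)):
            if not path.is_absolute():
                findings.append(f"backup {name!r}: {key} '{path}' is not absolute")
        # A destination inside its own source makes each run copy earlier copies.
        if dst == src or src in dst.parents:
            findings.append(f"backup {name!r}: destination lies inside source")
    for s in cfg.get("schedules", []):
        label = s.get("name", "")
        if s.get("backup_name") not in names:
            findings.append(f"schedule {label!r}: unknown backup {s.get('backup_name')!r}")
        # Split on single spaces only, so an embedded newline stays in a field and fails.
        fields = str(s.get("cron", "")).split(" ")
        if len(fields) != 5 or not all(CRON_FIELD.fullmatch(f) for f in fields):
            findings.append(f"schedule {label!r}: cron {s.get('cron')!r} is not 5 plain fields")
    rclone = cfg.get("cloud", {}).get("rclone", {})
    if rclone.get("enabled") and not rclone.get("remote"):
        findings.append("cloud.rclone is enabled but no remote is named")
    return findings

# Constructed sample: the page's structure with deliberately bad entries added.
SAMPLE = json.loads("""
{"backups": [
   {"name": "home", "source": "/Users/pp", "destination": "/Volumes/Backup/home"},
   {"name": "documents", "source": "~/Documents", "destination": "/Volumes/Backup/docs"},
   {"name": "nested", "source": "/Users/pp", "destination": "/Users/pp/Backups"}],
 "schedules": [
   {"name": "schedule-1", "backup_name": "home", "cron": "0 2 * * *"},
   {"name": "schedule-2", "backup_name": "archive", "cron": "0 2 * *"}],
 "cloud": {"rclone": {"enabled": true, "remote": ""}}}
""")

if __name__ == "__main__":
    for finding in audit_config(SAMPLE):
        print(finding)
```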

Requirements

The skill uses these macOS/Unix tools (installed by default on macOS):

  • rsync - File synchronization
  • tmutil - Time Machine (macOS)
  • diskutil - Disk management (macOS)
  • jq - JSON parsing
  • rclone - Cloud sync (optional, install via brew install rclone)

If a tool is missing, the skill handles it gracefully and provides warnings.

Features

  1. Time Machine Integration - Detects and manages Time Machine backups
  2. Rsync Backups - Efficient incremental backups using rsync
  3. Cron Scheduling - Schedule recurring backups via cron
  4. Cloud Support - rclone integration for cloud backups (S3, GDrive, etc.)
  5. Config Management - JSON-based configuration with backup history

Notes

  • Backups are incremental by default (rsync -a)
  • The skill prompts for confirmation before restoring
  • Use absolute paths for reliability
  • Ensure backup destinations have sufficient disk space
