Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Backup

Encrypted backup and restore for OpenClaw agents. Two-tier archives: operational data safe for cloud storage, secrets encrypted with age for local recovery....

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Don Zurbrick (@zurbrick)
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill's stated purpose is an encrypted backup/restore for OpenClaw and the included scripts implement that. However the registry metadata claims no required binaries or env vars while the scripts unambiguously require tar, python3, and the openclaw CLI (schedule/restore), and optionally age and gh for secrets and GitHub pushes. Those runtime requirements are proportional to the stated purpose, but they are not declared in the skill metadata — an incoherence that could surprise operators.
Instruction Scope
SKILL.md and the scripts stay within the backup/restore domain: staging, checksums, optional secrets encryption with age, and pushing operational archives to a GitHub repo. The restore flow is destructive when run for real (it atomically swaps ~/.openclaw and saves a .pre-restore-backup) and scheduling creates OpenClaw cron jobs that will run these scripts. No instructions attempt to read or exfiltrate unrelated system files or unknown network endpoints beyond GitHub and the optional use of gh.
Install Mechanism
There is no external download/install step in the manifest (no network install), and all included code is local shell/python scripts. That lowers install risk. There is no 'extract-from-URL' or third-party package install specified by the registry metadata.
Credentials
The scripts expect and honor environment variables (AGE_RECIPIENT, AGE_PASSPHRASE_FILE, AGE_IDENTITY_FILE, OPENCLAW_DIR, BACKUP_DIR, CRON_*), and they use the user's gh authentication and the openclaw CLI. The registry declared no required envs or primary credential — this mismatch is a risk because the skill will act using the operator's local credentials (GitHub via gh, OpenClaw CLI context) and may read passphrase files if provided. Those accesses are explainable by the feature set, but they should be declared so operators know what credentials will be used.
Persistence & Privilege
always:false and user-invocable:true (defaults) — good. The skill does create cron jobs via the openclaw CLI (schedule.sh) which grants it persistence/recurrence on the host via OpenClaw's scheduling mechanism; this is expected for a backup tool but operators should be aware cron entries are created/replaced. The skill does not modify other skills' configs directly.
What to consider before installing
This package implements a reasonable backup/restore flow, but review and confirm a few things before installing:

  1. Ensure required binaries are present: tar, python3, and the openclaw CLI; install age and gh only if you intend to use encrypted secrets or GitHub push.
  2. Understand credential use: push-to-github uses your gh session (it will create/clone a private repo under your GitHub account) and secrets restoration uses age identities or passphrase files you provide; keep those keys/passphrases secure.
  3. Test in dry-run mode first: run verify.sh and restore.sh --dry-run and run monthly-drill/monthly-verify in a test backup folder.
  4. Be aware restore.sh replaces ~/.openclaw atomically and will move the pre-restore state to a timestamped .pre-restore-backup directory; schedule.sh will create/replace cron jobs via openclaw cron create.
  5. Because the metadata omits required binaries/envs, treat the omission as a packaging oversight; if you need to install this, prefer a local code review and run scripts manually in a sandbox before giving them access to production credentials or enabling scheduled jobs.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.1.0
Tags: backup, disaster-recovery, encryption, latest, restore, security, workflows


SKILL.md

🔐 Agent Backup

One command to backup. One command to restore. Everything encrypted, verified, and rollback-safe.

Quick Start

# Backup (operational only — safe for cloud)
bash {baseDir}/scripts/backup.sh

# Backup with encrypted secrets
bash {baseDir}/scripts/backup.sh --include-secrets --age-recipient age1...

# Verify
bash {baseDir}/scripts/verify.sh --manifest <path>/manifest.json --archive <path>/backup.tar.gz

# Restore (dry-run first)
bash {baseDir}/scripts/restore.sh --manifest <path>/manifest.json --archive <path>/backup.tar.gz --dry-run

# Restore for real
bash {baseDir}/scripts/restore.sh --manifest <path>/manifest.json --archive <path>/backup.tar.gz

# Push to GitHub (operational only, secrets blocked if unencrypted)
bash {baseDir}/scripts/push-to-github.sh --manifest <path>/manifest.json --archive <path>/backup.tar.gz

# Schedule daily 4 AM backups
bash {baseDir}/scripts/schedule.sh

Two-Tier Archive Model

| Tier | Contents | Cloud safe? | Encrypted? |
|---|---|---|---|
| Operational | Workspace, redacted config, crons | ✅ Yes | No (no secrets) |
| Secrets | .env, agent auth profiles | ❌ Local only | ✅ Required (age) |

Default: operational only. Secrets are opt-in via --include-secrets.

Restore Safety

Restore uses a 7-step safety flow:

  1. Verify manifest checksums
  2. Extract to staging (not live directory)
  3. Verify critical files in staging
  4. Backup current state to .pre-restore-backup-TIMESTAMP
  5. Atomic swap
  6. Health check (pre-restart-check.sh if available)
  7. Auto-rollback on failure

Flags: --dry-run (preview only), --force (non-interactive)
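
The seven steps above, sketched as an added example; this is not the skill's own restore.sh. Assumptions: the expected SHA-256 is passed as an argument because the page does not show the manifest.json layout, the critical-file name and health command are caller-supplied placeholders, and GNU `sha256sum` is available. It goes one step beyond the list by rejecting archive members with absolute or `..` paths before extraction.

```bash
#!/usr/bin/env bash
# Added sketch of the staged-restore flow; NOT the skill's restore.sh.
# Assumed: expected SHA-256 comes in as an argument (manifest.json layout is
# not shown on the page); critical file and health command are placeholders.
# Usage: staged_restore ARCHIVE SHA256 LIVE_DIR CRITICAL_FILE [HEALTH_CMD...]
staged_restore() {
  local archive=$1 expected=$2 live=$3 critical=$4 actual stage prev
  shift 4
  prev="$live.pre-restore-backup-$(date +%Y%m%d%H%M%S)"

  # 1. Verify the checksum before anything is unpacked.
  actual=$(sha256sum "$archive" | cut -d' ' -f1)
  [ "$actual" = "$expected" ] || { echo "checksum mismatch" >&2; return 1; }

  # Refuse absolute or ".." members that could land outside staging.
  if tar -tzf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "unsafe member path" >&2; return 1
  fi

  # 2. Extract to staging beside the live directory (same filesystem,
  #    so the swap below is a rename and not a copy).
  stage=$(mktemp -d "$(dirname "$live")/.restore-staging.XXXXXX") || return 1
  tar -xzf "$archive" -C "$stage" || { rm -rf "$stage"; return 1; }

  # 3. Verify critical files in staging.
  [ -e "$stage/$critical" ] || { rm -rf "$stage"; echo "missing $critical" >&2; return 1; }

  # 4. Keep the current state. 5. Swap: two renames, each atomic, with a
  #    brief window in between where LIVE_DIR does not exist.
  if [ -e "$live" ]; then
    mv "$live" "$prev" || { rm -rf "$stage"; return 1; }
  fi
  mv "$stage" "$live" || { [ -e "$prev" ] && mv "$prev" "$live"; return 1; }

  # 6. Health check inside the restored tree. 7. Roll back if it fails.
  if [ $# -gt 0 ] && ! ( cd "$live" && "$@" ); then
    rm -rf "$live"
    [ -e "$prev" ] && mv "$prev" "$live"
    echo "health check failed; rolled back" >&2
    return 2
  fi
  # Print where the pre-restore state was kept, if there was one.
  if [ -e "$prev" ]; then echo "$prev"; fi
}
```

A failed checksum or missing critical file leaves the live directory untouched; only a failed health check (exit status 2) exercises the rollback path.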

Prerequisites

  • age for secrets encryption: brew install age or apt install age
  • gh for GitHub push (optional): brew install gh

Configuration

Set encryption via environment or flags:

# Environment
export AGE_RECIPIENT="age1your_public_key"
export AGE_PASSPHRASE_FILE="/path/to/passphrase"

# Or flags
bash {baseDir}/scripts/backup.sh --include-secrets --age-recipient age1...

Workflows

  • bash {baseDir}/scripts/weekly-verify.sh — verify all backup sets, prune by daily/weekly/monthly retention, and clean orphaned files.
  • bash {baseDir}/scripts/monthly-drill.sh — run a dry-run restore against the newest backup set and report pass/fail.
  • bash {baseDir}/scripts/pre-change-snapshot.sh — create a fast operational-only snapshot before config edits or gateway restarts.
  • .github/workflows/verify-backup.yml — GitHub Actions CI that builds a fixture backup, validates manifest checksums, extracts the archive, and checks critical files.

Reference Files

  • {baseDir}/references/restore-guide.md — full disaster recovery walkthrough
  • {baseDir}/references/what-to-backup.md — every file explained
  • {baseDir}/references/retention-policy.md — how long to keep backups

Files

14 total