ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Backup 2 Github

v1.0.1

Backup personalized OpenClaw configuration and user data to a GitHub repo with single-commit history and optional dry-run preview.

0· 198·0 current·0 all-time
by@fangbb-coder

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for fangbb-coder/backup-2-github.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Backup 2 Github" (fangbb-coder/backup-2-github) from ClawHub.
Skill page: https://clawhub.ai/fangbb-coder/backup-2-github
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install backup-2-github

ClawHub CLI

Package manager switcher

npx clawhub@latest install backup-2-github
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name/description (backup to GitHub) aligns with the code and SKILL.md: it scans OpenClaw config/memory/profile files and pushes a single-commit backup to a GitHub repo. However, the registry metadata declares no required environment variables or primary credential even though both the SKILL.md and backup.py require a GITHUB_TOKEN and usually a GITHUB_REPO setting. That manifest omission is an incoherence and a transparency issue.
Instruction Scope
SKILL.md and backup.py limit actions to reading configured OpenClaw workspace/home paths and pushing to a GitHub repo. This stays within the stated backup scope. Important caveat: the script can include optional sensitive files (credentials/*.json) and any paths added to BACKUP_FILES, and the restore action will overwrite local files. Those behaviors are consistent with a backup/restore tool but are sensitive operations that require user review and explicit configuration.
Install Mechanism
Installation is standard Python dependency installation (pip install -r requirements.txt) for PyGithub and python-dotenv. No obscure downloads, URL extracts, or external binary fetches are used in the provided files.
!
Credentials
The skill requires a GitHub Personal Access Token (GITHUB_TOKEN) and a repository name (GITHUB_REPO) to function, and the code reads these via dotenv/env. The registry metadata, however, lists no required env vars or primary credential — a meaningful mismatch. The script can back up credentials if enabled, so requesting a GitHub token is expected but must be declared and justified explicitly in metadata.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide configs. It performs normal backup/restore filesystem writes under the specified OpenClaw workspace/home paths; restore requires interactive confirmation ('yes').
Scan Findings in Context
[manifest-env-mismatch] unexpected: No pre-scan regex findings, but the skill manifest/registry metadata lists no required environment variables while SKILL.md and backup.py clearly require GITHUB_TOKEN and (optionally) GITHUB_REPO. This is an important transparency/integrity mismatch.
What to consider before installing
Before installing or running this skill: 1) Treat the GitHub Personal Access Token (GITHUB_TOKEN) as sensitive — give it the minimal scope (repo) and store it securely (do not commit it). 2) Inspect BACKUP_FILES and EXCLUDE_PATTERNS inside backup.py to ensure no secrets or unexpected paths (e.g., credentials/*.json, SSH keys, or other sensitive files) are included. 3) Use --dry-run first to verify what will be sent, and prefer a private repository for backups. 4) Note the hardcoded WORKSPACE/HOME paths (/root/.openclaw): adjust them if your OpenClaw runs as a non-root user or to avoid exposing other root-owned files. 5) Be aware restore overwrites files — confirm backups and test restores in a safe/sandboxed environment before relying on this in production. 6) Consider asking the publisher to correct the registry metadata to declare required env vars (GITHUB_TOKEN, GITHUB_REPO) so the manifest accurately reflects the credential needs.

Like a lobster shell, security has layers — review code before you run it.

latestvk976shzcmx42fkm7k5dsb14c8s835myh
198downloads
0stars
2versions
Updated 10h ago
v1.0.1
MIT-0
@fangbb-coder
latest
Download

Backup to GitHub

OpenClaw skill to backup personalized configuration and user data to a GitHub repository. Ensures easy migration and disaster recovery.

Features

  • ✅ Backup only personalized files (not default OpenClaw)
  • ✅ Restore to fresh installation with identical state
  • ✅ Supports GitHub via Personal Access Token
  • ✅ Single-commit backup (clean history)
  • ✅ Dry-run mode to preview changes

What Gets Backed Up

This skill backs up files that are specific to your setup, excluding default OpenClaw installation files:

  • Core Configuration: openclaw.json (TTS, skills, plugins settings)
  • Long-term Memory: MEMORY.md (curated memories, learned context)
  • User Identity: USER.md, IDENTITY.md, SOUL.md (your profile & persona)
  • Custom Tools: TOOLS.md (camera names, SSH hosts, voice preferences, etc.)
  • Heartbeat Tasks: HEARTBEAT.md (periodic checklists)
  • Scheduled Jobs: cron/jobs.json (your cron task configuration)
  • Monitoring Panel: Custom monitor scripts (openclaw-monitor.cjs, monitor/*.cjs)
  • Skill Configurations: Selected skill config files (YAML, README, SKILL.md) for skills you've customized (edit backup.py to add paths)
  • Custom Scripts: Any user-created scripts (edit backup.py to add paths)
  • Credentials (optional): credentials/*.json (Xiaohongshu cookies, etc.) - configurable

Automatically Excluded:

  • Default/standard skills from the library
  • Daily memory files (memory/YYYY-MM-DD.md) - too large/ephemeral
  • Cron run logs (cron/runs/)
  • Temporary files, caches, .git, __pycache__, venv, node_modules
  • Large model files and binaries

Prerequisites

  • GitHub account with Personal Access Token (repo scope)
  • Backup repository (private recommended)

Setup

# Install dependencies
pip install -r requirements.txt

# Configure (create .env file)
GITHUB_TOKEN=ghp_your_token_here
GITHUB_REPO=your-username/your-backup-repo

Usage

# Backup current configuration
python backup.py --action backup

# Preview what will be backed up (no push)
python backup.py --action backup --dry-run

# Restore from backup (overwrites existing files)
python backup.py --action restore

How It Works

Backup

  1. Scans predefined file list (in backup.pyBACKUP_FILES)
  2. Filters out excluded patterns
  3. Creates a single commit on the default branch with all file changes
  4. Pushes to your GitHub repository

Restore

  1. Fetches the latest backup commit
  2. Downloads each file to its original location
  3. Reports success and suggests service restarts

Customization

Edit BACKUP_FILES in backup.py to add or remove files from backup.

Security Notes

  • GitHub Token should have minimal scope (repo only)
  • Store token in .env (never commit)
  • Use a private repository for backups
  • Credentials (e.g., Xiaohongshu cookies) are optional and clearly marked

Limitations

  • Does not backup large binary files (ML models, caches, datasets)
  • Does not backup running state (processes, logs)
  • Daily memory files excluded by design (too large, ephemeral)
  • Requires internet access for GitHub operations

Troubleshooting

Error: GITHUB_TOKEN not set → Set token in .env or use --token flag.

Error: Repository not found → Check GITHUB_REPO format: owner/repo.

File not backing up → Ensure path is in BACKUP_FILES and not excluded by patterns.

License

MIT

Comments

Loading comments...