ClawHub

Clawdbot Backup

v1.0.0

Backup and restore ClawdBot configuration, skills, commands, and settings. Sync across devices, version control with git, automate backups, and migrate to new machines.

17· 3.9k·14 current·15 all-time
by@sebastian-buitrag0
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md shows shell commands and a backup/restore script that operate on ~/.claude and project .claude folders, which is exactly what a ClawdBot backup skill should do. The actions (tar, rsync, git references) are appropriate for backup/sync/versioning. Note: the top-level registry metadata said no required binaries, but the SKILL.md metadata lists required binaries (git, tar, rsync) — this mismatch should be clarified.
Instruction Scope
The instructions explicitly read and write files under $HOME/.claude and project .claude folders and create/restore tar archives — all expected. They will overwrite existing files on restore (the script warns of this). The SKILL.md references an environment variable (CLAWDBOT_BACKUP_DIR) for configuration that is not declared in the skill's manifest; it's optional but worth documenting. The docs imply syncing/versioning (git/rsync) which can transmit backup data off-host; the skill does not declare or manage remote credentials, so users must take care when configuring remote sync to avoid leaking sensitive configuration or tokens that may live in backed-up files.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — it does not download or install anything itself. That minimizes installation risk. The SKILL.md assumes standard system tools (tar, git, rsync) will be present; the registry metadata should reflect that but currently disagrees.
Credentials
The skill declares no required credentials or config paths in the registry, which is reasonable for a local backup script. However, the instructions reference an optional env var (CLAWDBOT_BACKUP_DIR) and rely on tools (git, rsync) that, when used for remote sync, require credentials not declared by the skill. Backing up ~/.claude may capture API keys, tokens, or other secrets stored by skills — the skill does not restrict or call out that risk in the manifest.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It does not attempt to modify other skills or system-wide settings by itself. The restore operation will overwrite files under the user's home directory (expected behavior for a restore) but this is an operational risk to be aware of, not an elevation of privilege in the skill metadata.
Assessment
This skill appears to do what it says: create and restore tar archives of your ClawdBot configuration. Before using it, consider the following: - The registry metadata and the SKILL.md disagree: the doc lists required binaries (git, tar, rsync) and uses an optional env var (CLAWDBOT_BACKUP_DIR) that the manifest doesn't declare — confirm the expected dependencies and configuration. - Backups will include everything under ~/.claude (and optionally project .claude directories). Inspect those directories for API keys, tokens, or other secrets before creating backups. If you plan to push backups to a remote git repo or rsync to another host, ensure you trust the remote and use encryption (or don't include secrets). - Restores will overwrite existing files (including settings.local.json). Test restores on a non-critical machine or snapshot first, and consider excluding machine-specific files from full restores or using the script's 'skills' or 'settings' subtypes. - Restrict permissions on your backup directory (~ /clawdbot-backups) and consider encrypting archive files (gpg/age) before storing or syncing them remotely. - Ask the skill author to fix the metadata inconsistencies (declare required binaries and document optional env vars) so the registry accurately reflects runtime needs. If you understand these risks and take the recommended precautions (inspect contents, encrypt if syncing, limit permissions, test restores), the skill is coherent with its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk97emn7nt2f625yr0rpr2dvg6n805ert

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💾 Clawdis
Binsgit, tar, rsync

Comments