Cloud Backup

What to consider before installing: - Functionality: This skill tars your OpenClaw state (~/.openclaw), so archives will include configuration, credentials, and any secrets stored there. That is the intended behavior for a backup tool. - Credentials: The skill expects S3-compatible credentials (ACCESS_KEY_ID / SECRET_ACCESS_KEY) or a named AWS profile. The recommended flow is to create a bucket-scoped, least-privilege key pair. Prefer a named profile or short-lived credentials where possible instead of storing long-lived secrets in config. - GPG passphrase: If you enable encryption, the SKILL.md suggests storing the GPG passphrase in the skill's config (env.GPG_PASSPHRASE) for non-interactive restores/cron. Storing passphrases in OpenClaw config is convenient but means the passphrase itself must be protected; consider using a secret manager or requiring interactive entry if you need stronger protection. - Scheduling/autonomy: The skill can create a cron job that triggers the agent to run backups automatically. Allow this only if you trust the agent and the scheduling action; review the schedule and cron payload before accepting. - Inspect the script: The full bash script is included in the package; review it if you want to verify details (files excluded, encryption flow, where files are written, exact S3 commands). It uses aws CLI (aws s3 cp/ls/rm), gpg for encryption, and standard tar/sha utilities. - Protect the OpenClaw config: Ensure ~/.openclaw/openclaw.json is filesystem-permission restricted (the references/security.md already recommends 600). Rotate keys if they are ever exposed. If those trade-offs are acceptable (i.e., you want automated backups of OpenClaw state and are prepared to manage credentials and encryption appropriately), the skill is coherent and reasonable to use.