ClawHub

fullbackup

v0.1.0

Create a full local backup of the OpenClaw workspace and configuration using the existing backup-local.sh script. Use for /fullbackup in Telegram or when the user asks for a complete local backup.

0· 1k·0 current·1 all-time
by@trumppo
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the behavior: the skill runs an existing workspace backup script. It does not request unrelated credentials or extras. However it relies on /root/.openclaw/workspace/scripts/backup-local.sh (not included in the skill bundle), so correctness and safety depend entirely on that external script.
!
Instruction Scope
SKILL.md instructs running the bundled wrapper which simply executes the workspace's backup-local.sh. The wrapper/skill does not inspect or limit what the backup script does — the backup script could read arbitrary files, include secrets, or upload archives to remote endpoints. The SKILL.md expects the script to 'print the archive path and size' but neither the wrapper nor the SKILL.md enforce or verify that behavior.
Install Mechanism
No install spec (instruction-only plus a tiny wrapper script). Nothing is downloaded or extracted by the skill itself; that is low install risk.
Credentials
The skill requires no environment variables or credentials. That is proportionate. Still, it operates over files under /root/.openclaw (sensitive workspace and config paths), so it needs file-system access to sensitive data even though no explicit secrets are requested.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skills. The agent could invoke the skill autonomously (platform default), but that is not elevated here — the main risk is what the external backup script does when executed.
What to consider before installing
This skill simply runs your workspace's backup-local.sh. Before installing or invoking it: (1) review /root/.openclaw/workspace/scripts/backup-local.sh to confirm it only creates local archives and does not upload data or leak secrets, (2) verify the archive location and contents (look for secrets or unexpected files), (3) run the backup manually in a safe environment or with a dry-run option if available, and (4) prefer a skill with a known source or include the actual backup script in the bundle so it can be audited. Because the source is unknown and the real work happens in an external script, treat this as potentially risky until you inspect that script.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c67kd9hh5nj6k9jtcktf7kh80rth2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments