ClawHub

Self Preserve

v0.3.1

Backup readiness and disaster recovery for your OpenClaw agent. Checks whether your memory, identity, config, skills, and workspace files are covered by a re...

1· 81·0 current·0 all-time
byGavin Lin@gavinlinasd
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the instructions: the skill only enumerates OpenClaw agent state files, checks a local backup directory, and can create/list/delete scheduled backups. It does not request unrelated credentials, binaries, or installs.
Instruction Scope
Instructions are narrowly scoped to `~/.openclaw/` and `~/openclaw-backups/` and explicitly forbid reading file contents and the credentials directory. Small residual risk: `ls -la` output can expose filenames (which may contain sensitive metadata) and the skill relies on the agent to redact any accidentally-seen secrets. The SKILL.md is otherwise prescriptive and not open-ended.
Install Mechanism
No install spec and no bundled code — instruction-only. This minimizes code-on-disk and supply-chain risk.
Credentials
No environment variables, credentials, or external endpoints are requested. The declared allowlist/denylist of paths is consistent with the stated purpose.
Persistence & Privilege
The skill does not force inclusion and is user-invokable. It uses platform-native CronCreate/CronList/CronDelete for scheduling; SKILL.md states persistent scheduling only occurs after explicit user confirmation. Be aware CronCreate may write to a platform-managed file (`.claude/scheduled_tasks.json`), which modifies agent scheduling state outside `~/.openclaw/` — this cross-config write is deliberate for scheduling but worth noting.
Assessment
This skill appears coherent and low-risk: it only lists files and checks a local backup folder, and it has no installs or credential requests. Before installing, confirm that the platform-native CronCreate/CronList/CronDelete tools behave as described (they should prompt before creating persistent schedules) and that you are comfortable with any scheduled-job metadata being written to the platform's scheduler file (e.g., .claude/scheduled_tasks.json). Also be aware that listing filenames can still reveal sensitive names; if you have unusually sensitive file names in ~/.openclaw/, consider running the assessment manually or reviewing ls output in a secure environment. If you need higher assurance, request or inspect the platform's implementation/permissions of the Cron* tools or run the skill in a sandboxed agent first.

Like a lobster shell, security has layers — review code before you run it.

latestvk974jj94000tzc0wg9nxw2fz1184f34q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

Comments