ClawHub

Synology Backup

v2.0.3

Backup and restore OpenClaw workspace, configs, and agent data to a Synology NAS via SMB or SSH/rsync. Use when: backing up workspace files, restoring from a...

2· 962·5 current·5 all-time
byPaul Frederiksen@pfrederiksen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with the files and behavior: scripts perform rsync/cifs or rsync-over-SSH backups, snapshotting, pruning, integrity verification, and restore. Declared required binaries (rsync, jq) and the apt suggestions (cifs-utils, rsync, jq) are appropriate for the intended functionality.
Instruction Scope
SKILL.md and the scripts limit actions to mounting the NAS, running rsync/cp, building manifests, pruning snapshots, and reporting status. The code explicitly validates config fields and backup path values, and uses an allowlist for restore operations. Note: the skill will back up sub-agent workspaces by default and can be configured to include sensitive files (e.g., .env) — the documentation warns about this. Also the scripts expect the user to create local credentials and SSH known_hosts entries; these are operationally necessary but expand the data the skill touches (local configs and optionally secrets if the user opts to include them).
Install Mechanism
There is no automated download/install step in the registry spec; the bundle is source + scripts and the SKILL.md lists apt install commands for required packages. No remote downloads or archive extraction are used by the install instructions, which reduces supply-chain risk.
Credentials
The registry metadata declares no required environment variables or primary credential; the skill instead relies on a user-provided JSON config (~/.openclaw/synology-backup.json), an SMB credentials file (~/.openclaw/.smb-credentials) for SMB transport, or SSH key auth for SSH transport — all proportional to a backup tool. Minor discrepancy: the scripts reference optional Telegram notifications (send_telegram) and TELEGRAM_TARGET in config, which implies the use of a Telegram bot token or similar credential at runtime, but no explicit env var is declared in the skill metadata — the token would be a separate user-provided secret. Also mounting CIFS typically requires appropriate system privileges (root) which the registry metadata does not mention; this is an operational requirement rather than a covert one.
Persistence & Privilege
always:false and model invocation are default. The skill does not request permanent/global agent privileges and does not modify other skills' configs. It writes state/manifest files into user-specified locations on the NAS or local temp/state files in the skill directory — expected for a backup tool.
Assessment
This skill appears to be what it claims: a Synology NAS backup/restore utility implemented with readable shell scripts and JSON config. Before installing, consider the following: 1) Prefer SSH transport with key-based auth (no SMB password file) and use Tailscale if you need remote connectivity. 2) Do not add sensitive files (like .env or API keys) to backupPaths unless you understand the risk and the NAS share is tightly access-controlled and encrypted. 3) The scripts expect a credentials file (~/.openclaw/.smb-credentials) for SMB or SSH keys in ~/.ssh for SSH — ensure those files are created securely (chmod 600) and managed by you. 4) The bundle optionally supports Telegram notifications; if you enable them you will need to supply a bot/token out of band — the skill metadata does not declare a Telegram credential variable. 5) Mounting CIFS may require root privileges; test the scripts with --dry-run and in a safe environment before scheduling them in production. 6) If you want extra assurance, inspect the send_telegram implementation in lib.sh (it is referenced by the scripts) and test the dry-run path to confirm behavior matches your expectations.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dxvn561x0cmrjzw72tbcqcx848sz2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsrsync, jq

Comments