Openclaw Backup Skill
v0.2.2Run and schedule local OpenClaw backup operations with a bundled Bash script. Use when the user wants to create, prune, or automate local OpenClaw backups, i...
⭐ 0· 65·0 current·0 all-time
bySynbrain@synbraino
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill name, description, SKILL.md, spec.md, and bundled script all align: this is a local backup/prune/schedule helper for OpenClaw. One minor inconsistency: registry metadata lists no required binaries, but the script clearly requires the OpenClaw CLI plus common utilities (python3, tar, date, mktemp, etc.). That omission in metadata is likely an authoring oversight, not malicious, but it matters operationally (the environment must supply those commands).
Instruction Scope
SKILL.md instructs the agent to use the bundled script and not to reimplement the logic. The script operates on the local filesystem, resolves the OpenClaw workspace/config, creates tar.gz archives, and prunes archives according to retention rules. It explicitly includes workspace contents (including assistant identity/continuity files such as SOUL.md, AGENTS.md) in backups and explicitly excludes environment variables and system env. All referenced file reads and actions are consistent with a backup tool's purpose. Note: backing up assistant identity and workspace files is expected for a workspace backup but is sensitive and should be disclosed to users.
Install Mechanism
There is no install specification — the skill is instruction-only with a bundled script. This is low-risk from an installation perspective because nothing is downloaded or written to disk by an installer; the only code shipped is the included script.
Credentials
The registry shows no required environment variables, but the script reads/uses OpenClaw-related env vars (OPENCLAW_STATE_DIR, OPENCLAW_CONFIG_PATH) as overrides and invokes the OpenClaw CLI. The script's use of these env vars and the OpenClaw CLI is proportional to backing up OpenClaw state. However the omission of required binaries/envs in metadata reduces transparency and could lead to runtime surprises.
Persistence & Privilege
The skill does not request permanent inclusion (always:false) and does not attempt to modify other skills or system-wide agent settings. It runs locally when invoked and uses local filesystem operations; autonomy is allowed by platform default but the skill itself does not request elevated persistence.
Assessment
This skill appears to be a straightforward local backup/prune script for OpenClaw. Before installing or running it, review and consider the following:
- The script will archive workspace contents including assistant identity/continuity files (SOUL.md, AGENTS.md, USER.md). Those files can contain sensitive context — ensure you are comfortable storing them in the chosen backup directory and that the directory has appropriate filesystem permissions and backups are stored securely.
- Ensure the target host has the OpenClaw CLI, python3, tar, and other standard utilities the script expects; the registry metadata did not list these requirements, so verify them manually (SKILL.md and the script list the required commands).
- The skill is local-only (no uploader) based on the provided files, but you should still scan the full script for any network or external command usage if you have security requirements; the provided content shows no network calls, but the script was truncated in the listing—review the entire script before running it.
- When automating (cron/systemd), ask the user for explicit permission before creating or modifying scheduled jobs or automated runs, and choose a secure output directory (default is next to the resolved OpenClaw state dir, e.g., ~/backups/openclaw).
- If you need to avoid including identity/continuity files in backups, either modify the script (or ask the user) to exclude them or test dry-run modes first to verify the manifest contents.Like a lobster shell, security has layers — review code before you run it.
backupvk971x7s7emy1q62va601ms6m0d83tfhgcronvk971x7s7emy1q62va601ms6m0d83tfhglatestvk971x7s7emy1q62va601ms6m0d83tfhgopenclawvk971x7s7emy1q62va601ms6m0d83tfhg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.