Simple Backup
Security checks across malware telemetry and agentic risk
Overview
This skill matches its backup purpose, but it handles broad OpenClaw state and secrets in ways that deserve review before use.
Review this skill before installing. If you use it, run it only on a trusted machine, use a dedicated local backup folder and rclone remote path, keep the backup key tightly permissioned, avoid putting the password in OpenClaw config, and verify that temporary files are cleaned up after failed runs.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private workspace files, OpenClaw state, prompts, configuration, or credentials could remain unencrypted in temporary folders after a failed backup run.
The script copies broad workspace and OpenClaw state data into plaintext temporary directories before encryption, and cleanup occurs only later in the script. With set -e and no cleanup trap, failures before that point can leave sensitive agent state on disk.
STAGING_DIR=$(mktemp -d)
...
rsync -a ... "$WORKSPACE_DIR/" "$STAGING_DIR/workspace/"
rsync -a ... "$STATE_DIR/" "$STAGING_DIR/state/"
...
rm -rf "$STAGING_DIR" "$ARCHIVE_DIR"
Use a cleanup trap, stream tar output directly into gpg where possible, keep temp directories permission-restricted, and consider excluding credential/state subpaths that do not need to be backed up.
A local process or user with sufficient visibility could learn the backup password and decrypt backup archives.
The script reads a local backup secret and passes it to gpg on the command line. Command-line arguments can be visible to local process inspection, exposing the password that protects the backup.
KEY_FILE="$STATE_DIR/credentials/backup.key"
BACKUP_PASSWORD=$(cat "$KEY_FILE" | tr -d '\n')
...
gpg --batch --yes --passphrase "$BACKUP_PASSWORD" --symmetric --cipher-algo AES256
Avoid passing passphrases as command-line arguments. Prefer GPG public-key encryption, gpg-agent, or passphrase-fd/passphrase-file with strict file permissions, and avoid storing the password in general OpenClaw config.
A misconfigured backupRoot or remoteDest could remove backup files or matching encrypted files in the chosen remote path.
Local pruning and rclone sync are purpose-aligned for backup retention, but they mutate local and remote backup locations. rclone sync can delete destination files that are not present in the source.
find "$BACKUP_ROOT" -type f -name "*-DAILY.tgz.gpg" ... rm -- {}
...
rclone sync "$BACKUP_ROOT" "$REMOTE_DEST" --include "*.gpg" --progress
Use a dedicated backup-only local folder and rclone remote path, consider rclone copy instead of sync if remote deletion is not intended, and test with dry-run behavior before enabling cloud sync.
Installation behavior could vary over time if these npm dependencies are used, increasing supply-chain uncertainty.
If package dependencies are installed by a package manager, wildcard versions can pull changing, unpinned packages. The skill otherwise appears to expect system binaries installed separately.
"dependencies": {
  "rclone": "*",
  "gpg": "*"
}
Install rclone, gpg, tar, jq, and rsync from trusted system package sources, or pin/remove package dependencies and provide a lockfile if package-manager installation is intended.
