v2.2.0

Simple Backup

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 4:51 AM.

Analysis

This looks like a coherent backup tool, but it handles broad OpenClaw state and credential data and can sync encrypted backups to cloud, so it deserves careful review before installation.

Guidance

Install only if you intend to back up the full OpenClaw workspace, state, and skills. Before first use, inspect what is inside the state directory, use a strong backup passphrase, keep the passphrase outside the backed-up data when possible, and point rclone only at a dedicated backup destination.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
package.json
"dependencies": {
      "rclone": "*",
      "gpg": "*"
  }

The package declares wildcard npm dependencies for tools that are otherwise documented as system binaries, creating provenance ambiguity if installed through a package manager.

User impact: A package-manager install could pull unpinned third-party packages rather than only using the expected local rclone and gpg binaries.
Recommendation: Prefer the documented system binary installation path, pin or remove wildcard package dependencies, and verify the installed command sources.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
simple-backup.sh
KEY_FILE="$STATE_DIR/credentials/backup.key"
...
rsync -a --exclude 'logs' --exclude 'media' --exclude 'browser' "$STATE_DIR/" "$STAGING_DIR/state/"

The script reads a backup password from the OpenClaw credentials area and copies the whole state directory except a few exclusions, so credential/configuration material may be included in the backup archive.

User impact: The backup may contain sensitive OpenClaw state, configuration, and credentials, not just ordinary workspace files.
Recommendation: Review the state directory before use, consider excluding unnecessary credential material, and store the backup passphrase somewhere that is not itself included in the backup.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
simple-backup.sh
if [ -n "$REMOTE_DEST" ]; then
    ...
    rclone sync "$BACKUP_ROOT" "$REMOTE_DEST" --include "*.gpg" --progress

When a remote destination is configured, the encrypted backup archive is sent to an external rclone remote.

User impact: Encrypted backups may leave the local machine and be stored with a cloud provider or other remote configured in rclone.
Recommendation: Use a dedicated remote backup folder, confirm the rclone remote points to the intended account/path, and protect the encryption passphrase.