Openclaw Auto Backup
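v0.1.6
OpenClaw auto backup skill - backs up configuration files on a schedule to prevent data loss. Supports version management, one-click restore, and scheduled tasks. Includes complete Python scripts (backup/restore/list/cleanup). Has passed multiple ClawHub security reviews (ZipSlip/Symlink/Manifest fixes). Keywords: opencla...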
⭐ 1· 371·3 current·3 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (automated backups of OpenClaw config) align with the included scripts and config. The scripts operate on ~/.openclaw, create archives, list, restore and clean backups — which is exactly what the skill claims to do.
Instruction Scope
Runtime instructions are narrowly scoped to local backup operations and do not instruct reading unrelated system files or sending data externally. Minor inconsistencies: SKILL.md claims an OpenClaw built-in cron task (with an ID) and automatic scheduling at 02:00, but the codebase contains no installer that registers system cron jobs or the platform cron entry — this likely relies on the platform, not the scripts. Also the SKILL.md/config recommend excluding sensitive files and warn that backups are not encrypted.
Install Mechanism
Instruction-only install (scripts included in the skill bundle). No external downloads, package installs, or execution of fetched code — low install risk.
Credentials
No environment variables, credentials, or external config paths are requested. The scripts access only user home (~/.openclaw) and their own config file. Note: the default watch list includes files that may contain sensitive data (MEMORY.md, USER.md, etc.); the skill warns backups are unencrypted and provides exclude patterns.
Persistence & Privilege
Skill does not request 'always: true' and does not modify other skills. It writes backup files to ~/.openclaw/backups and may be scheduled by the user or the OpenClaw platform; ensure you understand how scheduling is registered before enabling automatic run.
Assessment
This skill appears to implement a local backup/restore tool and does not phone home or request secrets. Before installing:
1) Inspect config/backup-config.json to confirm which files are watched and add exclude patterns for any files containing secrets (API keys, token files, memory dumps).
2) Be aware backups are stored unencrypted by default — encrypt them (gpg/age) or enable secure storage if you have sensitive data.
3) Test backup and restore with --debug / --dry-run in a safe environment to verify behavior.
4) Note small implementation issues (tilde paths in config may not be expanded by the scripts; manifest totalSize calculation may be incorrect and some directory restore paths may not handle directories cleanly) — these are bugs, not signs of exfiltration.
5) Confirm how the OpenClaw platform registers the claimed cron job (the scripts themselves do not auto-register system cron entries).
If you require encrypted offsite backups or central credential handling, consider a dedicated backup solution instead.
Like a lobster shell, security has layers — review code before you run it.
