OpenClaw Daily Backup
WarnAudited by ClawScan on May 18, 2026.
Overview
The backup purpose is coherent, but the package includes pre-existing OpenClaw backup snapshots and gives conflicting safety guidance about secret-containing backups.
Install only if you are comfortable with a tool that reads and overwrites core OpenClaw identity/config files. Before restoring, inspect or remove the bundled backups directory, create your own backup, use --dry-run, and do not commit or share backups unless you have confirmed secrets are removed or the backups are encrypted.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you run restore before creating and selecting your own backup, your agent's identity, instructions, user profile, or tool configuration could be replaced with bundled backup content.
The release includes pre-existing backup snapshots of core agent instruction, identity, user-profile, and configuration files. Because the skill documents restoring the latest backup, these bundled files could become persistent workspace context if restored.
backups/2026-03-14T05-39-50/AGENTS.md ... backups/2026-03-14T05-39-50/SOUL.md ... backups/2026-03-14T05-39-50/USER.md ... backups/2026-03-14T05-39-50/openclaw.sanitized.json
Do not restore until you have inspected the backups directory. The publisher should remove bundled backups from the release, ignore sample backups by default, and require an explicit user-created backup selection.
You could accidentally expose API keys, tokens, or private user information if you publish or sync the backup directory assuming it has been fully sanitized.
This broad safety claim conflicts with the documented behavior that TOOLS.md is backed up and SKILL.md states backups may contain API keys and user information. The mismatch can cause users to over-trust backups as safe to share or commit.
No API keys or tokens are stored in backup files
Treat all backups as sensitive unless independently verified. Encrypt them before off-machine storage and avoid committing them to public or shared repositories.
A mistaken restore can roll your agent configuration back to an older or unintended state.
The restore command is intended to overwrite core workspace files. This is central to the skill's backup/recovery purpose and dry-run guidance is documented, but it remains a high-impact local mutation.
# Restore latest backup node scripts/restore.mjs
Always run the documented --dry-run command first, inspect the target backup, and keep the automatic pre-restore backup for rollback.
Backups may continue running on a schedule after setup and may keep creating sensitive copies of workspace files.
The skill documents recurring scheduled execution through cron or heartbeat. This is disclosed and appropriate for daily backups, but it creates persistent background behavior if the user installs it.
Add to OpenClaw heartbeat or system cron: ... 0 2 * * * cd /Users/m1/.openclaw/workspace-hunter/soul-backup-skill && node scripts/backup.mjs
Only add the cron/heartbeat entry if you want ongoing backups, and periodically review scheduled jobs and backup retention.