autosave backup
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly does what it says (create and send workspace backups), but it contains hard-coded default recipients and silently writes backups and a crontab config. This creates an exfiltration risk and a mismatch with the claimed prompting behavior.
This skill will compress and back up your OpenClaw workspace, including installed skills and memory files, and store backups on your Desktop and in the OpenClaw workspace. It will also write a cron config to the workspace to schedule backups. The main concern: the script contains hard-coded default recipient IDs for Feishu/Telegram/QQ and will attempt to send backups to those targets if you don't explicitly configure a channel/target.
Before installing or enabling scheduled runs:
1) Review and, if necessary, remove or change the default target IDs in send_to_channel (the values like 'ou_51c2506b314dd5a20a50b66bd465273c' and '7011817371').
2) Confirm the 'openclaw-cn message send' CLI is present and understand which account it will use to deliver files.
3) Test a manual backup in a safe environment (no sensitive data) to verify behavior.
4) Consider restricting file permissions for the backup folder and removing backups after verification.
If the author can confirm the default targets are placeholders and the tool truly prompts and requires explicit user confirmation before sending, this would reduce the risk and could change the assessment to benign.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings
Risk analysis
No visible risk-analysis findings were reported for this release.
