ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Backup Restore

v1.0.1

系统备份恢复 - 全量备份、增量备份、自动备份计划、一键恢复、备份验证。保护配置、数据、技能和工作区。

0· 138·1 current·1 all-time
by@yuhui435
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
SKILL.md describes backing up ~/.openclaw, workspace/, skills/, and multiple agent workspaces. The Python script instead uses a hardcoded base_dir = Path(r"C:\Users\qq125\.openclaw") and only zips a few items (openclaw.json, cron-check.json, workspace). It does not implement backing up skills/ or workspace-* locations as described. The hardcoded Windows path and specific username conflict with the documented (~) paths and cross‑platform expectations.
!
Instruction Scope
Documentation instructs full/incremental/verify/restore and recommends cron integration. The script: (1) implements full and incremental backups in a simplified way (incremental just zips two config files), (2) verify actually tests zip integrity, but (3) restore is a stub that only prints messages and does not extract or restore files. That contradicts the "一键恢复" (one‑click restore) claim. The script will create/operate under the hardcoded path rather than honoring ~ or other agent workspaces.
Install Mechanism
Instruction-only skill with a single Python script; no install spec or external downloads. Low installation risk from third‑party fetches.
Credentials
The skill does not request environment variables, credentials, or config paths in metadata. The script accesses only filesystem paths (but hardcoded). No explicit secrets requested.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It does create a backups directory inside its hardcoded base_dir when run, but it does not modify other skills or global agent configuration.
What to consider before installing
Do not treat this as a drop‑in backup tool yet. The main issues are: (1) the script hardcodes C:\Users\qq125\.openclaw instead of using the user's home directory (~ or Path.home()) — running it may create or act on an unexpected path; (2) the incremental/full behavior is simplified and may not capture all items the SKILL.md promises (skills/, other agent workspaces); (3) restore is currently a stub and will not actually restore files. Before installing or scheduling this: test in a safe environment, inspect/modify the script to use a configurable base_dir (argument or env var) or Path.home(), implement proper restore extraction, and confirm backup targets and exclusions (sensitive files, .git, large files). If you don't trust the author, request code changes or use a well‑maintained backup tool instead. If the hardcoded username is unexpected, treat that as a red flag until clarified.

Like a lobster shell, security has layers — review code before you run it.

latestvk973gseg2fgzps9zjy7yxyg60n83f22q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments